Hello, welcome to the Wednesday, November 11th, 2020 edition of the Sandstone Storm Center's Stormcast. My name is Johannes Ulrich.

And I'm recording from Jacksonville, Florida.

Well, it's Microsoft's patched Tuesday, so let's start with that. We received a total of 110 or 112 patches, depending on how you exactly count them, with 17 of them being rated as critical.

And then there is one that was previously disclosed. That's the one that we talked about.

I believe it was last week, the one privilege escalation vulnerability that Google has

disclosed and made public.

And Google already had seen this being exploited in the wild.

Overall, this I think isn't actually the most important vulnerability here. We do have, for example, CVE 202017.5.1.

That's a vulnerability in the Windows network file system, and it can be exploited remotely, doesn't require any

authentication, and has a CVSS score of 9.8. Microsoft also rates exploitation of this

vulnerability as more likely. And while it wouldn't be patched Tuesday without the new Microsoft SharePoint vulnerability,

I think that's always something to look for.

So CVE 2020-17061.

Now this one also makes it too important with a Microsoft's scale with a CVSS score of 8.8.

Sort of interesting also a number of critical vulnerability in the HEIF image extension and the HEV. video extension. These formats may not be as much household

names as JPEC and JIF, but they are the default file formats in iOS 11 and later, and so

you'll definitely see them from mobile devices and Macs.

Windows 10 started to support these file formats with the October 2018 update.

And with your Windows update, you may also receive a new microcode from Intel for its CPUs fixing yet another

side channel attack. These side channel attacks just don't seem to be going away. And interesting

feature that's being abused here, the running average power limit or Rappel feature in some of these CPUs, which

is really intended to limit the power consumed by a particular CPU, for example, in data

...