Hello, welcome to the Wednesday, November 15th, 2017 edition of the Sansonet Storm Center's Stormcast. My name is Johannes Ulrich. And I'm recording from Jacksonville, Florida.

Today we'll start with Microsoft's Patch Tuesday. We had a total of 54 different vulnerabilities being addressed. But overall it is actually a smaller and not all that

important patched Tuesday to what we had happened in the past. First of all, the majority of

vulnerabilities are really spread across three different products. In an explorer, Edge,

and then we have Chakra. Now, Chakra is the JavaScript and J-Script engine, so really, in some ways, part of Inan Explorer and Edge.

None of the vulnerabilities being patched today have been exploited in the wild, so this

makes us a little bit less critical, even though,

of course, the Etch and Explorer patches are rated critical. Another product that has, in my opinion,

critical patches, but Microsoft considers them only important is Office.

We have a total of six vulnerabilities being addressed there.

Probably one of the more embarrassing ones here,

and one I think that should probably be rated as critical,

is an arbitrary code execution vulnerability in the Office,

in particular, VERT equation editor. Turns out the equation

editor actually hasn't changed since 2000, same code for the last 16 years. So it doesn't have a lot

of the advanced protections that we have in more modern code. So it shouldn't be too hard for someone

to come up with an exploit for this vulnerability.

And also this vulnerability does not really require any user interaction other than opening

the Word document.

We also have patches for Microsoft Windows.

Now, here I agree with Microsoft.

These are important denial of service vulnerabilities,

...