Hello, welcome to the Wednesday, October 11th, 2017 edition of the Santernut Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from Singapore.

Microsoft patched Tuesday, of course, brought us, again, a set of interesting patches.

66 vulnerabilities totally patched in this particular update. I want to start with one particular

vulnerability here that I labeled as patch now and this is a vulnerability in office. CVE 2017,

11826. The reason I label it as patch now is it's already being exploited in the wild.

It's yet another RTF vulnerability.

Chihu 360 who did actually detect the exploitation of this vulnerability,

did see an RTF document with an embedded VIRT-DUCS document that was used here

anywhere between August and September to compromise a system using an exploit that targets this vulnerability.

On a good side, Chi-Hu-360 did not make public a lot of details about the exploit, so as far

as I know, there is no public available exploit at this point.

There are two additional vulnerabilities where some details were already available.

Public. One wassad scripting

vulnerability in SharePoint and the second one denial of service vulnerability

in the Windows subsystem for Linux both of these have not yet been actually

exploited these shared point cross-sets scripting vulnerabilities,

they're always somewhat interesting

because it definitely can be used in some targeted attacks

in order to, for example, extract credentials and the like

from users of SharePoint.

And we got a couple of SMB vulnerabilities here,

...