Hello, welcome to the Wednesday, October 13, 2021 edition of the Sansonet Stormsendors Stormcast.

My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

And of course, it's patched Tuesday, and with that you got fixes for, well, 74-81 vulnerabilities, depending on how you count. Three of them are

critical. Three were previously disclosed and one has already been exploited. And that's

probably the big one here. It's CVE 2021-44-49. It's an elevation of privilege's vulnerability, and it's affecting Wynne 32K.

We usually get like one or two elevation of privilege vulnerabilities in Wynn 32K each month,

but this one has already been exploited by a Chinese-speaking advanced persistent threat actor,

typically labeled as Iron Husky.

The particular Malver that used it was labeled Mystery Snail and its remote access tool.

Aside from taking advantage of that vulnerability, mystery snail is sort of your standard remote access tool. Aside from taking advantage of that vulnerability,

Mystery Snail is sort of your standard remote access tool.

It infiltrates data, allows remote execution of commands.

And of course, because it takes advantage of this privilege escalation,

it can do all of that as a system.

Now, out of the three critical vulnerabilities, there are two in HyperV, and then we have

a third one that affects VIRD and could be leveraged for code execution, so this would

then be sort of the one-to-punch where an attacker would use the

VIRC vulnerability in order to execute code and then the Burge Escalation vulnerability

in order to gain system access.

We also have yet another print spooler spoofing vulnerability that's being addressed in this

update.

Not sure if that's related to the print nightmare

...