Hello, welcome to the Wednesday, September 12, 2018 edition of the Sansanet Storm Center's

Stormcast. My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Today, of course, Microsoft's patched Tuesday, and with that we got the usual patch from Adobe as well. Microsoft patched 61 different

vulnerabilities and in addition to this we got two advisories, one regarding the Adobe Flash

patch and a second one regarding Fragment Smack. Now smack was a war on a bill. It was announced

a month or so ago and essentially deals with fragmented packets that may cause a denial of service

condition. This also affected Unix. Now, what Microsoft suggests in this advisory is to change your registry to drop all out-of-order

fragments.

This seems a little bit extreme, but in modern networks you shouldn't really see any fragments.

You may see some fragments to your DNS servers.

That's fragmented UDP packets.

But aside from that, it may actually be safe to just drop all fragments at your firewall.

Yes, sounds extreme.

And I was a little bit skeptic about this at first as well.

But after some talking to our handlers and doing some experience myself, that actually seems to be a viable option.

Now, aside from this fragmentation issue, Microsoft also released a patch for the scheduler or

ALPC privilege escalation vulnerability that was already

exploited in the wild.

So that's definitely something you want to pay attention to.

And then two additional vulnerabilities that have been disclosed to the public.

But so far for these other two vulnerabilities, there haven't

been any public exploits form.

...