Hello, welcome to the Wednesday, September 13th, 2017 edition of the Sandinert Storm Center's Stormcast. My name is Johannes Ulrich, and today I'm recording from Las Vegas, Nevada.

Today, of course, Microsoft's patch Tuesday, sort of an average patch Tuesday, we have a total of four vulnerabilities that are being addressed

here that were either already known or have already been exploited in the wild.

Probably the most significant vulnerability here is CVE 2017-8759. This is the the vulnerability already has been exploited in the wild.

Fire Eye has a good write-up about it. They assign it to Finfisher. Now the vulnerability here is

actually in a dot-net component that parses soap.

But the way it's being exploited is via Microsoft Office.

What fire I saw here was VIRD documents being delivered that then when opened, not in protected mode,

are triggering this vulnerability.

So Office or Microsoft VIRD is really more the delivery vector.

The actual vulnerability is in dot net.

Typical for FinFisher.

This has been used in targeted attacks,

so nothing in widespread use yet.

Microsoft rated the exploitative ability with zero, well, meaning that it's

already been used in the wild. The other three already disclosed or exploited issues aren't

really all that critical. First one, well, another fix for the prod come, prod-pound vulnerability,

this time affecting Microsoft's HoloLens.

Don't think it's really in that widespread used to be that significant, really.

Then we do have another update for Device Guard.

This is really more security feature bypass. And finally, an update to Microsoft Edge's content security policy.

There was a vulnerability that allowed you to bypass content security policy in Microsoft Edge.

...