Hello and welcome to the Wednesday, September 13th, 2023 edition of the Sansonet Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Big first item today, of course, is patch Tuesday, Microsoft released patches for 66 vulnerabilities. Five of them are critical and two are

already being exploited. As usual for our summary, it does include the chromium vulnerabilities

and batches that are included in Microsoft Edge. And typically, we're already been released a few days or a week or so ahead of

Patch Tuesday.

The two already exploited vulnerabilities are of course the ones that are of the headliners here.

One is a Microsoft Streaming Service Proxy vulnerability.

It's a privilege escalation vulnerability that

could help an attacker to gain system privileges after they initially compromised the system.

The second one is a bit more interesting, I think. It's labeled as only in an information disclosure

of vulnerability. That's true, but it does

disclose NTLM hashes. So it's not one of those information disclosure vulnerability that does

provide access to some internal kernel state or so to help with buffer overflows. But this one actually

releases NTLM hashes.

Given the weak hashing of those hashes, it does release your Windows password.

It's a very typical vulnerability in that essentially the attacker tricks the user into establishing

an outbound connection, which then requires off the occasional receiving

site, and automatically the NTLM hashes are being sent. We had this vulnerability in a number

of different contexts. This latest one happens in Microsoft VIRT as the user previews a document in the preview pane.

As we had very similar vulnerabilities before attacks are readily available, it typically is as

easy as including an SMB link in a document that is then automatically being accessed.

...