🗓️ 14 September 2016
⏱️ 9 minutes
0:00.0 | Hello, welcome to the Wednesday, September 14th, 2016 edition of the SANS Internet Storm Center's StormCast. My name is Johannes Ullrich, and today I'm recording from Las Vegas, Nevada. |
0:12.5 | Today we kind of got a patch super Tuesday with patches not only from Microsoft and Adobe, but also updates from Apple. So let's start with the probably most |
0:24.8 | important set here and that's Microsoft. Microsoft released a total of 14 bulletins, seven of |
0:32.7 | which are rated critical. Now one of these bulletins is for Adobe's Flash Player, which is also |
0:41.1 | included in Microsoft products like its browsers. The first two bulletins, MS16-104 and |
0:48.4 | 105, are, as usual, for Microsoft's Internet Explorer and Edge, the monthly cumulative security update. |
0:57.3 | These fix a number of different vulnerabilities, most importantly one that already has been |
1:03.9 | exploited in the wild. |
1:06.0 | Luckily, it's only an information disclosure vulnerability that could help an attacker to exploit other remote code execution vulnerabilities in the browser. |
1:17.1 | Essentially, these information disclosure vulnerabilities allow an attacker to learn more about Internet Explorer's or Edge's memory layout, |
1:25.3 | which then makes a successful exploit for another vulnerability more likely. |
1:33.2 | MS 106 is a security update for Microsoft's graphics component. |
1:38.9 | Something we have seen before: these graphics kernel drivers can be used to execute arbitrary code, so certainly you |
1:49.1 | should patch these rather quickly. Similarly, MS16-107, the usual security update for Microsoft Office, |
1:58.1 | fixes yet another set of vulnerabilities that can be triggered if the user |
2:03.7 | does open crafted Office documents. MS16-108 gets a little bit more interesting again. |
2:11.8 | This is an update for Microsoft Exchange Server. It does actually update the Oracle Outside In libraries. |
2:20.3 | We have seen vulnerabilities in these libraries before. They are typically used to convert documents |
2:26.3 | and many different pieces of software are using these libraries. It's not just Exchange Server. |
2:33.3 | Oracle did fix a number of vulnerabilities in these |
2:37.3 | libraries back in July in Oracle's last quarterly critical patch update. This update for |
2:44.5 | the Exchange Server does patch Microsoft's use of these libraries in Exchange Server. |
... |
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.