meta_pixel
Tapesearch Logo
Log in
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Wednesday, September 15th, 2021

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS ISC Handlers

Tech News, News, Technology

4.9696 Ratings

🗓️ 15 September 2021

⏱️ 5 minutes

🧾️ Download transcript

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft Patches; Adobe Patches;

Transcript

Click on a timestamp to play from that location

0:00.0

Hello, welcome to the Wednesday, September 15th, 2000, 21 edition of the Sansonet Storm Center's Stormcast.

0:08.0

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida, and again, teaching virtually in Reston, Virginia.

0:17.8

Microsoft's patch Tuesday, of course, really evaded this time because we do have the MSHtml

0:24.6

vulnerability CVE 2021-40444, and indeed Microsoft didn't disappoint, we did get a patch for this vulnerability.

0:36.6

Patches are available for all affected versions of Windows,

0:41.0

and of course it's critical that you install these patches with exploits being widely available

0:47.5

for this vulnerability. But this wasn't the only vulnerability of interest that Microsoft

0:53.6

patched this month.

0:55.6

We also got three more vulnerabilities that are being patched here for Windows print spooler

1:02.4

elevation of privilege vulnerabilities.

1:05.2

So more of the print nightmare type vulnerabilities, even though none of these vulnerabilities is apparently currently

1:13.2

being exploited or was released prior to this patch. Something you probably also want to

1:20.7

address quickly is vulnerability affecting the Windows WELAN auto-config service.

1:28.1

This would allow an attacker who has access to the same network

1:32.9

to execute code on your system,

1:36.5

given that this affects Wi-Fi,

1:38.9

while being on the same network,

1:41.5

is probably not such a big deal in particular if you are connecting to random open networks.

1:49.9

Microsoft also patched vulnerability in the open management infrastructure.

1:54.7

This is an open source product that Microsoft publishes that does implement the web-based enterprise management protocol standards.

2:05.8

The vulnerability, again, may be used for remote code execution, but not sure how widely

2:12.3

it's used, but probably for people who do use this tool, it is rather important.

...

Please login to see the full transcript.

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.

Copyright © Tapesearch 2025.