Hello and welcome to the Wednesday, February 12, 2025 edition of the SADS Internet Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

Well, and of course today we have to start with Microsoft's Patch Tuesday.

We got patches for 55 different vulnerabilities.

Three of these are critical, two already exploited, and two of the vulnerabilities have been disclosed before today.

So two technical surrethes, and then these other two could have been surre days, but at least we don't

know of any exploitation yet. Let me start with the vulnerability that varies me the most,

but that I think is also the difficult one to really assess well. And this is an arbitrary

code execution vulnerability in LDB. This vulnerability has a ton

of potential, a potential exploit would be able to essentially get to the core of what Microsoft

Windows are the case is all about, the LDAB Active Directory. And with that, pretty much any Windows authentication is all about the LDAB Active Directory.

And with that, pretty much any Windows network is potentially vulnerable.

However, at this point, we haven't really seen an exploit against this vulnerability or similar vulnerabilities that we had in prior months. Because if you remember, we had a very similar

vulnerability description last month, and I think two or three months ago, there was another

L-Dab vulnerability like that. What you really should consider at this point is, given that we

have sort of this succession of different wanted billies,

there's always a chance that there are more coming.

So keep that in mind when you're mitigating this, keep notes if you're running into any

issues with mitigation here.

And then of course, you know, what do you do to provide additional hardening for Active Directory and LDAP in your network?

Potentially, this vulnerability does not require any user interaction to exploit.

With that, it's also warmable.

...