Hello and welcome to the Wednesday, April 15th,

2006 edition of the Sands Internet Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Stockholm, Germany.

And this episode is brought you by the Sands.edu undergraduate certificate program in cybersecurity fundamentals.

Well, of course, no surprise today. We're starting with Microsoft's patch Tuesday for April.

And this is a little interesting patch Tuesday when I first looked at the number of vulnerabilities patch that was quite surprised.

According to our account, we have 243 vulnerabilities. But remember, our account also includes any Microsoft Edge vulnerabilities, which were actually already patched before today.

These are vulnerabilities in the underlying chromium browser that are then ported

into Microsoft Edge as well. So after we subtract these 78 vulnerabilities, we're left with

165 vulnerabilities that are affecting Microsoft's own products, which is still a pretty solid

number.

Now, there are a couple of noteworthy ones here.

First of all, there are eight critical ones, and one that's already being exploited,

and one that hasn't been exploited yet, but, well, has become known before today.

The one that has become known before today, I may have mentioned, but it sort of came

out, I think, last week. And this is approach escalation in Microsoft Defender. One of those

typical sort of no antivirus vulnerabilities where basically an attacker can escalate privileges because, well, antivirus has

to operate at elevated privileges. The one that's already being exploited is then Microsoft

SharePoint spoofing vulnerability. There are actually two very similar SharePoint server spoofing vulnerabilities

that are being patched this month, but only one of them is already being exploited.

Now, other sort of interesting vulnerabilities, but basically critical vulnerabilities,

the one that sort of caught my eye first, that I think is sort of the most interesting one,

...