Hello and welcome to the Wednesday, February 11th,

2006 edition of the Sands and then at Stormsunners Stormcast.

My name is Johannes Ulrich, recording today from Jacksonville, Florida.

And this episode is brought you by the sands.edu credit certificate program in cyber security engineering.

Well, of course, top of the news today, Microsoft's patch Tuesday, and the number of patches was actually not that bad.

We got patches for 59 different Microsoft vulnerabilities.

There were patches released earlier this month for Microsoft Edge.

Those are the chromium browser vulnerabilities that were sort of ported over to Microsoft Edge.

But the big story is really that we have six vulnerabilities that are being addressed that were already exploited before today.

And three of these vulnerabilities have been somewhat publicly known already.

So those are, of course, those three are the ones that you need to pay most attention to.

And a little bit lucky, I guess.

These are actually three similar and related vulnerabilities.

You may be familiar in Windows with technologies like smart screen and such, where if you're

downloading some binary or some script and then you double-click it. Well, you'll get a warning that you're

about to execute code that you download it from the internet. And these vulnerabilities allow to

bypass exactly sort of these type of warnings. Now, it affects three different subsystems here,

which is why we have three different wannabillies. One is Windows

Shell, one is Microsoft Word. And then we also have a patch for MSHtml. That's the good old

Inan Explorer HTML rendering engine. Of course, has long been replaced with Microsoft Edge,

which has its own rendering engine,

but a lot of other software still uses MSHtml, and that's why we need this patch.

...