Hello and welcome to the Wednesday, March 12, 2020, 5 edition of the Sands and its Storms on as Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Well, today, we do have a Patch Tuesday, of course, but it's an interesting one,

and I don't just want to call it the Microsoft Patch Tuesday.

If you got, and I'll leave this a little bit sort of as a cliffhanger for later,

another company that released an interesting update today.

Microsoft did release an update for actually less vulnerable,

a normal, a little bit more than warnabilities were addressed in Microsoft's update.

But what made it interesting again was six of these vulnerabilities,

which may be a record, I haven't really looked back,

are already being exploited.

So let's talk a little bit about the already exploited vulnerabilities. Well, when we talk about these exploit vulnerabilities, they're heavy

on file system issues. Now, none of the export vulnerabilities are critical. They're all

important. The file system issues, there are three of them related to NTFS and one of them related to

fat, one of the NTFS vulnerabilities and one of the fat vulnerabilities will lead to code execution.

Microsoft labels them as remote code execution. So how would an exploit

work here? In order to trigger the exploit corrupt file system has to be mounted to the victim's

system. There are really two ways to do it. First of all, just trick the victim into

opening a VHD file. VHD files would be these virtual hard drive files that would then take

advantage of these vulnerability. But an attacker could also do it remotely if they have some

kind of access to the system, some remote shell, something like this, and then they could upload that VHD file and mount it.

So that's why they're classified as a remote code execution vulnerability.

...