SANS Stormcast Podcast Summary
Date: March 10, 2026
Host: Johannes B. Ullrich
Episode Focus: Encrypted Client Hello & ExifTool Vulnerability
Episode Overview
In this episode, Johannes B. Ullrich gives a concise update on three items: the newly published RFCs that standardize Encrypted Client Hello (ECH) for TLS, a critical vulnerability in ExifTool, a widely used metadata extraction tool, and an advisory for self-hosted Nextcloud Flow installations about a secret-leak flaw in the bundled Windmill component.
Key Discussion Points
1. New RFCs for Encrypted Client Hello
- RFC 9848 & RFC 9849 Published
  - [00:30] Two new RFCs standardize Encrypted Client Hello (ECH) for TLS.
  - Standard TLS 1.3 sends the Client Hello, including the Server Name Indication (SNI), in the clear, and the earlier Encrypted SNI (ESNI) draft protected only the SNI. ECH encrypts nearly the entire Client Hello, hiding metadata such as the target hostname from on-path observers.
- Why It's Important
  - [01:15] The Client Hello leaks identifying information (hostname, supported versions, cipher suites, extensions), undermining user privacy.
  - Encrypting the Client Hello also hinders fingerprinting by observers, i.e. identifying the browser or client from handshake metadata. The caveat: ECH carries the real (inner) Client Hello encrypted inside an outer Client Hello that stays visible, so the outer handshake can still be fingerprinted to some degree.
- How It Works
  - [02:05] Before it can encrypt, the client needs the server's ECH configuration (an ECHConfigList holding the HPKE public key, the accepted cipher suites and the public_name that goes in the outer SNI). Servers publish it in DNS as the ech parameter of an HTTPS record (the record type for web traffic) or of a general SVCB (Service Binding) record for other TLS-based services.
- Adoption Status
  - [02:45] Cloudflare is a leader in deploying ECH. For paying customers, enabling ECH is as simple as checking a box in the dashboard.
- Implications for Defenders
  - [03:10] ECH removes the hostname and other handshake metadata that defenders and analysts use for network visibility, such as SNI-based logging and filtering.
  - The ech key is one parameter inside the same HTTPS/SVCB record that advertises HTTP/3 (alpn=h3), so blocking those records outright to stop ECH also breaks HTTP/3/QUIC discovery and any other service bound through them. A narrower control is to strip only the ech parameter at a resolver you operate; either way, weigh the business impact before blocking.
- Notable Quote:
  - “With this extension it’s now possible to encrypt the complete client hello. This also does prevent some fingerprinting, basically figuring out what browser or other client you may be using.” — Johannes B. Ullrich [01:15]
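The DNS side of the mechanism described above, as an added example that is not part of the episode or of any RFC text: it builds a constructed HTTPS record carrying an ech parameter, parses it the way a client would, decodes the ECHConfigList inside, and shows the resolver-side alternative to blocking the record type, dropping only the ech key while leaving alpn=h3 in place. Names, key bytes and the record itself are constructed; the ECHConfig version value 0xfe0d is the one used by the ECH drafts.

```python
"""ECH bootstrap through DNS, and the narrow way to disable it.

Wire formats follow RFC 9460 (SVCB/HTTPS RDATA, SvcParam key 5 = ech) and
the TLS ECH specification (ECHConfig version 0xfe0d, the drafts' value).
The record and key bytes below are constructed for this example only.
"""
import base64
import struct

KEY_ALPN, KEY_ECH = 1, 5                 # SvcParamKeys from RFC 9460
ECH_VERSION = 0xFE0D
KEM_X25519, KDF_SHA256, AEAD_AES128GCM = 0x0020, 0x0001, 0x0001   # RFC 9180 ids


def encode_name(name: str) -> bytes:
    """DNS wire-format name: length-prefixed labels, zero terminated ('.' -> b'\\x00')."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"


def decode_name(buf: bytes, off: int):
    labels = []
    while buf[off] != 0:
        n = buf[off]
        labels.append(buf[off + 1:off + 1 + n].decode())
        off += 1 + n
    return ".".join(labels) + ".", off + 1


def build_https_rdata(priority: int, target: str, params: dict) -> bytes:
    body = struct.pack("!H", priority) + encode_name(target)
    for key in sorted(params):           # RFC 9460: keys in ascending order
        body += struct.pack("!HH", key, len(params[key])) + params[key]
    return body


def parse_https_rdata(rdata: bytes):
    priority = struct.unpack("!H", rdata[:2])[0]
    target, off = decode_name(rdata, 2)
    params = {}
    while off < len(rdata):
        key, length = struct.unpack("!HH", rdata[off:off + 4])
        params[key] = rdata[off + 4:off + 4 + length]
        off += 4 + length
    return priority, target, params


def build_ech_config_list(config_id: int, public_key: bytes, public_name: str) -> bytes:
    """One ECHConfig with a single HPKE suite, wrapped in an ECHConfigList."""
    suites = struct.pack("!HH", KDF_SHA256, AEAD_AES128GCM)
    key_config = (struct.pack("!BHH", config_id, KEM_X25519, len(public_key)) + public_key
                  + struct.pack("!H", len(suites)) + suites)
    contents = (key_config + bytes([64, len(public_name)]) + public_name.encode()
                + struct.pack("!H", 0))   # maximum_name_length, public_name, no extensions
    config = struct.pack("!HH", ECH_VERSION, len(contents)) + contents
    return struct.pack("!H", len(config)) + config


def parse_ech_config_list(blob: bytes) -> list:
    """Decode each ECHConfig; a client skips versions it does not know rather than failing."""
    total = struct.unpack("!H", blob[:2])[0]
    off, configs = 2, []
    while off < 2 + total:
        version, length = struct.unpack("!HH", blob[off:off + 4])
        body, off = blob[off + 4:off + 4 + length], off + 4 + length
        if version != ECH_VERSION:
            configs.append({"version": version, "supported": False})
            continue
        config_id, kem_id, pk_len = struct.unpack("!BHH", body[:5])
        public_key, p = body[5:5 + pk_len], 5 + pk_len
        cs_len = struct.unpack("!H", body[p:p + 2])[0]
        suites = [struct.unpack("!HH", body[i:i + 4]) for i in range(p + 2, p + 2 + cs_len, 4)]
        p += 2 + cs_len
        public_name = body[p + 2:p + 2 + body[p + 1]].decode()
        configs.append({"version": version, "supported": True, "config_id": config_id,
                        "kem_id": kem_id, "public_key": public_key, "cipher_suites": suites,
                        "maximum_name_length": body[p], "public_name": public_name})
    return configs


def strip_ech(rdata: bytes) -> bytes:
    """Resolver-side ECH disabling: remove only key 5, keep alpn and hints."""
    priority, target, params = parse_https_rdata(rdata)
    params.pop(KEY_ECH, None)
    return build_https_rdata(priority, target, params)


SAMPLE_KEY = bytes(range(32))            # constructed stand-in for an X25519 public key
SAMPLE_ECH = build_ech_config_list(7, SAMPLE_KEY, "public.example")
SAMPLE_RDATA = build_https_rdata(1, ".", {KEY_ALPN: b"\x02h3\x02h2", KEY_ECH: SAMPLE_ECH})

if __name__ == "__main__":
    _, target, params = parse_https_rdata(SAMPLE_RDATA)
    print("ech=" + base64.b64encode(params[KEY_ECH]).decode())   # as dig shows it
    print(parse_ech_config_list(params[KEY_ECH])[0]["public_name"])
    print("keys after strip:", sorted(parse_https_rdata(strip_ech(SAMPLE_RDATA))[2]))
```

`dig HTTPS <name>` (or `dig TYPE65 <name>`) prints the presentation form of such a record; its `ech=` value is exactly the base64 ECHConfigList this code decodes. Removing the parameter is the clean way to disable ECH on a network you control: a client that finds no ech key connects without ECH, while the alpn value still tells it HTTP/3 is available.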
2. Critical Vulnerability in ExifTool
- Background and Use Cases
  - [04:08] ExifTool is a Perl-based command-line utility, common on Unix systems, used to read and write metadata (such as EXIF geolocation) in images and other files.
- Nature of Vulnerability
  - [04:20] The vulnerability can lead to command execution. The scenario that matters most is a web application that runs ExifTool over user-submitted images without handling the untrusted input carefully.
  - The -N (raw data mode) option, which outputs data as found without parsing, is singled out as particularly risky.
- Platform Risk
  - [04:35] macOS is called out specifically because it bundles affected ExifTool versions, and at the time of recording no patch was available for it.
- Update Expectations
  - [05:10] Apple's irregular patch schedule delays fixes. A macOS update expected the following week is likely to carry updated versions of ExifTool and other bundled open-source tools.
- Notable Quote:
  - “This latest vulnerability could potentially be used for command execution. So scenarios where this is particularly critical is where you have, for example, a web application that processes EXIF data from user-submitted data and then, well, isn’t doing so carefully enough.” — Johannes B. Ullrich [04:20]
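A hardened caller for the web-application scenario the host describes, added here as an example (not code from the episode, from ExifTool or from Nextcloud). It does not mitigate a bug inside ExifTool; only patching does that. What it prevents is the caller making things worse: a shell string or an argv element built from the client's filename, a process with no time or memory bound, and a process that inherits the application's environment. The PATH lookup, the limits and the staging location are the example's own assumptions.

```python
"""Handling user-submitted images with ExifTool: the fragile caller pattern
next to a hardened one. Nothing here patches a flaw inside ExifTool itself
(only an updated ExifTool does); the point is that the calling application
must not add shell or option injection on top, and should limit what a
compromised exiftool process can do. Added example; the PATH, limits and
staging location are assumptions.
"""
import json
import os
import resource
import shutil
import subprocess
import tempfile

EXIFTOOL = shutil.which("exiftool") or "exiftool"   # assumes exiftool on PATH
TIMEOUT_SECONDS = 10
MEMORY_LIMIT_BYTES = 512 * 1024 * 1024               # assumed ceiling for one metadata read


def fragile_command(user_filename: str) -> str:
    """The anti-pattern: the client-chosen name is interpolated into a shell
    string. 'x.jpg; id' runs id; a name starting with '-' is read by ExifTool
    as an option (-config, for instance, loads a Perl file of the caller's choice)."""
    return f"exiftool -json uploads/{user_filename}"


def stage_upload(data: bytes) -> str:
    """Copy the upload into a fresh private directory under a server-chosen
    name. The user-controlled filename never reaches argv, so it can be
    neither a shell metacharacter nor an ExifTool option."""
    staging_dir = tempfile.mkdtemp(prefix="exif-")
    os.chmod(staging_dir, 0o700)
    path = os.path.join(staging_dir, "image.bin")
    with open(path, "wb") as fh:
        fh.write(data)
    return path


def hardened_argv(staged_path: str) -> list:
    """Fixed option list, no shell; the only variable element is an absolute
    path created by stage_upload()."""
    if not os.path.isabs(staged_path) or os.path.islink(staged_path):
        raise ValueError("refusing non-absolute or symlinked path")
    return [EXIFTOOL, "-json", "-G", staged_path]


def _limit_child() -> None:
    # Runs in the child before exec: cap CPU time and address space so a
    # crafted file cannot turn a metadata read into a denial of service.
    resource.setrlimit(resource.RLIMIT_CPU, (TIMEOUT_SECONDS, TIMEOUT_SECONDS))
    resource.setrlimit(resource.RLIMIT_AS, (MEMORY_LIMIT_BYTES, MEMORY_LIMIT_BYTES))


def extract_metadata(data: bytes) -> dict:
    """Run ExifTool on one upload with a closed stdin, a minimal environment,
    a timeout and resource limits; return the first JSON object or {}."""
    path = stage_upload(data)
    try:
        proc = subprocess.run(hardened_argv(path), stdin=subprocess.DEVNULL,
                              capture_output=True, timeout=TIMEOUT_SECONDS,
                              preexec_fn=_limit_child, env={"PATH": "/usr/bin:/bin"},
                              cwd=os.path.dirname(path))
        return json.loads(proc.stdout)[0] if proc.stdout.strip() else {}
    finally:
        shutil.rmtree(os.path.dirname(path), ignore_errors=True)


if __name__ == "__main__":
    print("fragile:", fragile_command("x.jpg; id"))
    # Constructed minimal JPEG header; real uploads would be full files.
    print("hardened:", extract_metadata(b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"))
```

The staging step (copy to a server-chosen absolute path) is the part worth keeping even after patching: it removes the whole class of option injection regardless of which ExifTool options exist or how they are spelled.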
3. Nextcloud Flow: Windmill Secret Leak Vulnerability
- Description & Impact
  - [05:28] Anyone self-hosting Nextcloud Flow should update urgently because of a flaw in the bundled Windmill component.
  - The flaw leaks the super-admin secret in the users_config.json file; whoever can read it can authenticate as an administrator.
- Severity and Vector
  - [05:45] CVSS base score 8.8, with the attack vector rated Adjacent, i.e. the attacker must be on the same network segment as the Windmill service to exploit it.
  - The vendor announcement is sparse on technical detail; the host nonetheless treats the risk as critical.
- Expert Caution
  - “I would be a little bit more careful here and definitely consider this a critical vulnerability.” — Johannes B. Ullrich [06:10]
Memorable Moments & Quotes
- “Cloudflare, as so often, has been one of the frontrunners here when it comes to encrypted client hellos. And if you have a paid for Cloudflare account, well, it’s just checking a checkbox and you have it enabled.” — Johannes B. Ullrich [02:45]
- “If you’re blocking these HTTPS or these SVCB records... you will also lose HTTP/3 or QUIC because that’s also negotiated via these HTTPS records... so just blocking HTTPS outright may be an option, but... make sure that it’s in line with what you need for your business.” — Johannes B. Ullrich [03:30]
- “Let’s hope—we’re sort of expecting actually an update next week for macOS that they’ll include an update for ExifTool.” — Johannes B. Ullrich [05:10]
Timestamps of Key Segments
| Timestamp | Topic |
|-----------|-------|
| 00:30 | Introduction to new RFCs for TLS ECH |
| 01:15 | Privacy improvements; fingerprinting |
| 02:05 | Technical mechanics: DNS role in ECH |
| 02:45 | Cloudflare deployment & user activation |
| 03:10 | Detection/blocking and business impact |
| 04:08 | ExifTool background and vulnerability |
| 04:35 | macOS risk and patching |
| 05:28 | Nextcloud Flow Windmill vulnerability |
| 05:45 | Vulnerability details, exploitation risk |
Takeaways & Recommendations
- Security Teams: Familiarize yourself with ECH, update detection and visibility strategies that depend on plaintext SNI, and assess the impact on network monitoring or filtering before blocking HTTPS/SVCB records.
- System Administrators: Audit your deployment of image processing tools, especially ExifTool and copies bundled inside other software, and prepare to patch on all Unix/macOS systems.
- Nextcloud Admins: Update promptly to remediate Windmill-related credential leaks.
- All listeners: Stay abreast of quickly changing standards and vulnerabilities via the SANS Internet Storm Center.
