
SANS Internet Storm Center Stormcast: August 13, 2025 Cybersecurity Updates
In this August 13, 2025 edition of the SANS Internet Storm Center Stormcast, Johannes Ullrich from Jacksonville, Florida, presents the latest updates and vulnerabilities in cybersecurity. The main topic discussed is "Patch Tuesday," where a total of 111 vulnerabilities were addressed, with 17 classified as critical. One of the vulnerabilities had already been disclosed before the update but has not yet been exploited and is classified as moderate.
A notable point is the emergence of vulnerabilities in cloud services, particularly in the Azure OpenAI portal. Microsoft has begun to be more transparent about these vulnerabilities, which is good news for users, as these patches are applied directly by Microsoft without user intervention. One of the vulnerabilities, privilege escalation in Azure OpenAI, received a CVSS score of 10 out of 10, which is exceptionally high. However, few details are available about this specific vulnerability.
Beyond cloud vulnerabilities, several other critical vulnerabilities affect Office products and graphics drivers, which can lead to remote code execution. Johannes emphasizes that there is nothing particularly alarming in this update, and he recommends applying the remaining patches with the usual caution and using a vulnerability management program.
One particularly interesting vulnerability involves shortcut files (.lnk). This vulnerability allows an attacker to trick a user into loading an icon from an SMB share, which can result in the leakage of NTLM hashes. The new variant of this vulnerability uses the target path to trigger the request to the SMB share. Johannes recommends blocking outbound port 445 to prevent these leaks and, if possible, disabling NTLM, as Microsoft plans to transition to Kerberos in the medium and long term.
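For defenders who want to find shortcut files that would make a machine reach out to a share, the following Python script is an added example (it is not code from the Stormcast or from SANS). It parses the MS-SHLLINK structures that can carry a path, the StringData fields (including the icon location) and the LinkInfo block that holds the target path, and flags any of them that point at a UNC location. The three .lnk samples are constructed in memory as scanner fixtures, and the host 203.0.113.5 is a documentation address, not a real server.

```python
"""Scan Windows shortcut (.lnk) files for path fields that point at a UNC share.
Added example: the samples are constructed in memory and 203.0.113.5 is a
documentation-range address chosen for illustration."""
import re
import struct

# Shell Link header constants and LinkFlags bits (MS-SHLLINK section 2.1)
HEADER_SIZE = 0x4C
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80
# LinkInfoFlags bits (MS-SHLLINK section 2.3)
VOLUME_ID_AND_LOCAL_BASE_PATH = 0x01
COMMON_NETWORK_RELATIVE_LINK_AND_PATH_SUFFIX = 0x02

# StringData fields appear in this fixed order after LinkInfo
STRING_FIELDS = (
    (HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
    (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
    (HAS_ICON_LOCATION, "icon_location"),
)
UNC_RE = re.compile(r"^[\\/]{2}[^\\/]+[\\/]")  # \\host\share or //host/share


def _cstring(buf: bytes, offset: int) -> str:
    """Read a NUL-terminated ANSI string starting at offset."""
    return buf[offset:buf.index(b"\x00", offset)].decode("cp1252")


def parse_link_info(info: bytes) -> dict:
    """Extract the path strings from a LinkInfo block (the shortcut's target path)."""
    # LinkInfoFlags, VolumeIDOffset, LocalBasePathOffset, CNRLOffset, CommonPathSuffixOffset
    flags, _vol_off, local_off, cnrl_off, suffix_off = struct.unpack_from("<IIIII", info, 8)
    out = {}
    if flags & VOLUME_ID_AND_LOCAL_BASE_PATH:
        out["link_info.local_base_path"] = _cstring(info, local_off)
    if flags & COMMON_NETWORK_RELATIVE_LINK_AND_PATH_SUFFIX:
        # CommonNetworkRelativeLink: size, flags, NetNameOffset (relative to its own start)
        net_name_off = struct.unpack_from("<I", info, cnrl_off + 8)[0]
        out["link_info.net_name"] = _cstring(info, cnrl_off + net_name_off)
        out["link_info.common_path_suffix"] = _cstring(info, suffix_off)
    return out


def parse_lnk(data: bytes) -> dict:
    """Return every path-bearing field of a Shell Link file as {field: value}."""
    if len(data) < HEADER_SIZE or data[:4] != struct.pack("<I", HEADER_SIZE) or data[4:20] != LINK_CLSID:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    pos = HEADER_SIZE
    fields = {}
    if flags & HAS_LINK_TARGET_ID_LIST:  # skip the ItemIDList; not needed for this check
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:
        size = struct.unpack_from("<I", data, pos)[0]
        fields.update(parse_link_info(data[pos:pos + size]))
        pos += size
    width = 2 if flags & IS_UNICODE else 1
    codec = "utf-16-le" if width == 2 else "cp1252"
    for bit, name in STRING_FIELDS:
        if flags & bit:
            count = struct.unpack_from("<H", data, pos)[0]  # character count, no terminator
            pos += 2
            fields[name] = data[pos:pos + count * width].decode(codec)
            pos += count * width
    return fields


def scan_lnk(data: bytes) -> list:
    """Return [(field, value)] for each field whose path points at a UNC share."""
    return [(k, v) for k, v in parse_lnk(data).items() if UNC_RE.match(v)]


# --- constructed fixtures: minimal but spec-conformant .lnk blobs ---
def _header(flags: int) -> bytes:
    hdr = struct.pack("<I", HEADER_SIZE) + LINK_CLSID + struct.pack("<II", flags, 0)
    hdr += b"\x00" * 24                      # creation/access/write FILETIMEs
    hdr += struct.pack("<IiIH", 0, 0, 1, 0)  # FileSize, IconIndex, ShowCommand, HotKey
    return hdr + b"\x00" * 10                # Reserved1..3


def _string_data(s: str) -> bytes:
    return struct.pack("<H", len(s)) + s.encode("utf-16-le")


def _link_info_network(net_name: str, suffix: str) -> bytes:
    net = net_name.encode("cp1252") + b"\x00"
    # CNRL: size, flags (ValidNetType), NetNameOffset, DeviceNameOffset, NetworkProviderType (LanMan)
    cnrl = struct.pack("<IIIII", 0x14 + len(net), 0x02, 0x14, 0, 0x00020000) + net
    suf = suffix.encode("cp1252") + b"\x00"
    head = struct.pack("<IIIIIII", 0x1C + len(cnrl) + len(suf), 0x1C,
                       COMMON_NETWORK_RELATIVE_LINK_AND_PATH_SUFFIX, 0, 0,
                       0x1C, 0x1C + len(cnrl))
    return head + cnrl + suf


SAMPLE_BENIGN = _header(HAS_ICON_LOCATION | IS_UNICODE) + _string_data(r"%SystemRoot%\system32\shell32.dll")
SAMPLE_ICON_UNC = _header(HAS_ICON_LOCATION | IS_UNICODE) + _string_data(r"\\203.0.113.5\share\icon.ico")
SAMPLE_TARGET_UNC = _header(HAS_LINK_INFO) + _link_info_network(r"\\203.0.113.5\share", "readme.txt")

if __name__ == "__main__":
    for label, blob in (("benign", SAMPLE_BENIGN), ("icon-unc", SAMPLE_ICON_UNC),
                        ("target-unc", SAMPLE_TARGET_UNC)):
        print(label, scan_lnk(blob) or "clean")
```

Run it over attachments pulled from a mail gateway or over a file share with `scan_lnk(open(path, "rb").read())`; a hit in `icon_location` is the classic icon-fetch variant, while a hit in `link_info.net_name` corresponds to the target-path variant mentioned above. The scan is a static triage aid, not a substitute for the network control: blocking outbound 445 stops the SMB request regardless of which field carries the path.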
Another important vulnerability concerns the libarchive decompression library. This vulnerability, an unsigned integer overflow, can lead to arbitrary code execution. Initially disclosed on May 10 with a CVSS score of 3.9, it was reclassified as critical due to the possibility of exploitation on systems with more than 13 GB of memory. This library is used in many systems, including BSD, Linux, and Windows, and antivirus tools may also be affected.
Finally, Adobe has released patches for 13 of its products, with a particular focus on Adobe Commerce. Although several vulnerabilities are critical, most require administrative privileges to be exploited, except for one security feature bypass vulnerability with a CVSS score of 5.9. Johannes recommends updating Adobe Commerce due to the likelihood of attacks targeting these vulnerabilities.
In conclusion, this security update is relatively standard, with some interesting points regarding cloud vulnerabilities and shortcut files. Johannes encourages users to apply the necessary patches and remain vigilant against new threats.