SANS Internet Storm Center Highlights Microsoft Core Utils, Cisco SSRF Patch, Acre Router Flaws, and OAuth Security Risks

The June 5, 2026, Stormcast episode from the SANS Internet Storm Center covered Microsoft’s release of Core Utils for Windows, a single signed binary emulating Unix command-line tools via symbolic links, improving manageability over open-source alternatives. Cisco patched a critical Server-Side Request Forgery (SSRF) vulnerability (CVSS 8.6) in its Unified Communication Manager, allowing authenticated users to write files, deploy web shells, and escalate privileges, with a public exploit already available. Acre routers received updates addressing two severe flaws: an authentication bypass via mishandled HTTP authorization headers and an MQTT payload sanitization issue (CVSS 10) enabling arbitrary code execution. The episode also highlighted risks in OAuth implementations, where abandoned applications retain persistent permissions, creating security gaps as domains and assets are resold, per research by identity management firm Off-Road. Usability issues in OAuth were noted, as users often misunderstand the scope of granted permissions, compounding risks as more companies using OAuth cease operations. The discussion emphasized the need for enterprises to inventory OAuth grants like API keys and stressed routine firmware updates for network devices.