
New SANS Internet Storm Center Stormcast Highlights Critical Security Updates
This content is an AI-generated summary. If you encounter any misinformation or problematic content, please report it to cyb.hub@proton.me.
In this April 9, 2025 edition of the SANS Internet Storm Center's Stormcast, Johannes Ullrich discusses the latest security updates and critical vulnerabilities. Recorded in Jacksonville, Florida, this podcast covers several crucial topics in cybersecurity. The first major topic is Microsoft's "Patch Tuesday," with a significant number of vulnerabilities addressed. Although the exact number varies depending on whether Chromium vulnerabilities applicable to Microsoft Edge are included, it is clear that this update is essential.
Among the notable vulnerabilities, a flaw in the Windows journaling file system driver, already exploited by ransomware actors, stands out. This component, which operates with kernel privileges, is often targeted because it reads and parses logs that may be hostile. Another important point concerns critical vulnerabilities in LDAP servers and Office products, particularly Excel. These vulnerabilities can allow code execution without user interaction, making them prime targets for attackers.
Johannes recommends prioritizing updates for RDP and LDAP servers, as well as Office products, due to their broad attack surface. Windows 10, although still supported for some critical updates, is being phased out. It is therefore advisable to plan a migration to more recent versions of Windows.
Adobe has also released updates for 12 products, with critical vulnerabilities in Adobe ColdFusion and Adobe Commerce. These updates are crucial to prevent potential exploits.
OpenSSL has released a new major version, 3.5.0, which includes post-quantum cryptography. This update is an opportunity for security professionals to familiarize themselves with these new technologies before they become commonplace.
Finally, Johannes mentions a critical update for Fortinet switches, fixing a vulnerability that allows unauthenticated password changes. Although this vulnerability has not yet been exploited, it is crucial to apply the update quickly.
This podcast is a valuable resource for cybersecurity professionals, offering insights and practical recommendations for securing systems against the latest threats.