
July 2025 Security Updates and Critical Vulnerabilities from SANS Internet Storm Center
In this July 9, 2025 edition of the SANS Internet Storm Center Stormcast, Johannes Ullrich presents the latest security updates and critical vulnerabilities to watch out for. The video begins with an overview of Microsoft's patches for the month of July, totaling 139, with 130 of them concerning Microsoft software. Among these patches, seven vulnerabilities affect Git, and two are related to Chrome and Microsoft Edge, although the latter were already published a few days earlier.

Ullrich highlights five particularly notable vulnerabilities. Two of them concern Microsoft Office and are classified as critical because they allow remote code execution without user interaction, simply through the document preview function. Another significant vulnerability affects Microsoft SQL Server: an information disclosure flaw that was already made public and that requires an update to the OLE DB database driver. A second vulnerability in SQL Server, although less likely to be exploited, is a remote code execution flaw, underscoring the importance of not exposing SQL servers. Finally, a command injection vulnerability in SharePoint allows arbitrary command execution but requires the attacker to be authenticated.

The video also addresses a new TLS vulnerability called the Opossum attack. This attack exploits a specific configuration in which HTTP and HTTPS are served on the same port, typically port 80. Although rare, this configuration allows an attacker to manipulate server responses by delaying requests, which can cause users to receive incorrect pages. Ullrich explains that this vulnerability does not allow data decryption but can cause significant disruptions.

In addition to the Microsoft updates, the video mentions patches published by Ivanti for their Endpoint Manager. Three vulnerabilities were fixed, two of which involve incorrect use of encryption, allowing users to decrypt each other's passwords. The third vulnerability is an SQL injection that allows an authenticated attacker with administrative privileges to read arbitrary data from the database, which could be used in conjunction with the other vulnerabilities to retrieve and decrypt user passwords.

Ullrich concludes by emphasizing the importance of following update procedures and thoroughly testing patches before deploying them. He also encourages staying informed about new vulnerabilities and applying updates before the next Patch Tuesday. For more details, watch the full video at the following address: https://www.youtube.com/watch?v=l_peEn4ezIo
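The precondition for the Opossum-style disruption described above is a single TCP port that accepts both plaintext HTTP and a TLS handshake. The following Python script is an added example, not code from the Stormcast or from the attack's authors: it profiles a port on a host you administer by sending a plaintext HEAD request and, separately, attempting a TLS handshake, and reports whether the port is plaintext-only, TLS-only, or mixed. The `PortProfile` class, the `profile_port` function and the verdict strings are this example's own naming; the two-second timeout is an arbitrary choice.

```python
import socket
import ssl
import sys
from dataclasses import dataclass


@dataclass
class PortProfile:
    """Result of probing one host:port with two different client behaviours."""
    plaintext_http: bool  # did a plaintext HTTP request get an HTTP status line back?
    tls: bool             # did a TLS handshake complete on the same port?

    @property
    def verdict(self) -> str:
        # The mixed case is the configuration the Opossum attack relies on.
        if self.plaintext_http and self.tls:
            return "mixed: plaintext HTTP and TLS on one port"
        if self.tls:
            return "tls-only"
        if self.plaintext_http:
            return "plaintext-only"
        return "neither"


def _speaks_plaintext_http(host: str, port: int, timeout: float = 2.0) -> bool:
    """Send a minimal HTTP/1.0 HEAD request and check for an HTTP status line."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
            return sock.recv(16).startswith(b"HTTP/")
    except OSError:  # connection refused, reset, or timed out
        return False


def _speaks_tls(host: str, port: int, timeout: float = 2.0) -> bool:
    """Attempt a TLS handshake; certificate validity is deliberately not checked,
    because the question is only whether the port speaks TLS at all."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return True
    except OSError:  # ssl.SSLError is an OSError subclass; also covers timeouts
        return False


def profile_port(host: str, port: int) -> PortProfile:
    """Probe the port twice (plaintext, then TLS) and combine the observations."""
    return PortProfile(
        plaintext_http=_speaks_plaintext_http(host, port),
        tls=_speaks_tls(host, port),
    )


if __name__ == "__main__":
    # Usage: python audit_port.py <host> [port]; port defaults to 80 as in the summary.
    target_host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 80
    result = profile_port(target_host, target_port)
    print(f"{target_host}:{target_port} -> {result.verdict} "
          f"(plaintext_http={result.plaintext_http}, tls={result.tls})")
```

Run it against your own web servers as part of a configuration review; a "mixed" verdict means the port should be split into a plaintext listener and a separate TLS listener (conventionally 80 and 443) or the plaintext side removed.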