SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) SANS Stormcast Wednesday, May 14th: Microsoft Patch Tuesday; 0-Days patched for Ivanti Endpoint Manager and Fortinet Products
May 14, 2025
Microsoft's latest Patch Tuesday reveals a staggering 78 vulnerabilities, with several already being exploited. A critical remote code execution flaw particularly affects users running Microsoft Edge in Internet Explorer mode. Ivanti's recent patches address serious authentication bypass and remote code execution vulnerabilities. Meanwhile, Fortinet has also responded to an already exploited API vulnerability by issuing urgent fixes. Stay informed on these critical updates to keep your systems secure!
AI Snips
Chapters
Transcript
Episode notes
Patch Microsoft Vulnerabilities Quickly
- Patch the 78 Microsoft vulnerabilities promptly, especially the 5 already exploited ones.
- Monitor and control the use of Microsoft Edge in Internet Explorer mode to prevent exploitation.
Chained Exploits Elevate Risk
- Ivanti Endpoint Manager Mobile's two vulnerabilities can be chained for greater impact.
- The authentication bypass enables exploitation of the remote code execution flaw without prior authentication.
Urgent Fortinet Patch Needed
- Prioritize patching Fortinet products due to the active exploitation of a stack-based buffer overflow.
- This vulnerability affects multiple Fortinet devices and supported versions, requiring urgent attention.