

SANS Stormcast Wednesday, August 20th, 2025: Increased Elasticsearch Scans; MSFT Patch Issues
Aug 20, 2025
There's been a spike in reconnaissance scans targeting Elasticsearch, particularly the /_cluster/settings endpoint. Meanwhile, recent Microsoft patches are causing issues with WSUS and with transferring large files on certain SSDs. Additionally, details have emerged about two SAP vulnerabilities that can be exploited, shedding light on the ongoing security landscape and its implications for users.
AI Snips
Targeted Elasticsearch Reconnaissance
- Scans for Elasticsearch changed recently, focusing on the /_cluster/settings endpoint from a few IPs.
- This looks targeted and may be used to build potential target lists rather than broad internet scanning.
Don't Expose Elasticsearch Publicly
- Avoid directly exposing Elasticsearch to the public internet, especially for client-side JavaScript access.
- Place backend databases behind proper access controls and authentication to reduce risk.
Post-Patch Stability Is Variable
- Microsoft published post-patch issues after Patch Tuesday, including WSUS deployment failures and shared drive problems.
- Most issues were minor or fixed, but they show the kind of post-release instability worth monitoring.