SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) SANS Stormcast Wednesday, October 15th, 2025: Microsoft Patchday; Ivanti Advisory; Fortinet Patches
Oct 14, 2025
Microsoft announced the final patches for several Windows and Office products, marking the end of free updates for certain software. Ivanti provided an advisory with interim mitigation steps for new vulnerabilities. Fortinet addressed critical issues related to command bypass and brute-force weaknesses. Listeners are encouraged to prioritize updates based on normal vulnerability management. The discussions offer crucial insights into navigating recent cybersecurity challenges and ensuring robust digital protection.
AI Snips
Chapters
Transcript
Episode notes
Major Microsoft Products Reached End Of Support
- Microsoft ended free updates for Windows 10, Office 2016/2019, and Exchange 2016/2019 on this Patch Tuesday.
- Microsoft is pushing subscriptions and cloud alternatives like Office 365 and Exchange Subscription Edition as the migration path.
Choose A Supported Upgrade Or Subscription
- If you need continued updates, sign up for Extended Security Updates or move to Microsoft subscription/cloud offerings.
- Consider upgrading to Windows 11 or using Office 2024 if you must keep on-premises software.
Patch Count Hides Key Critical Issues
- The October update included about 157 vulnerabilities with many Azure and open-source entries that may not need direct action.
- Critical issues include Co-pilot spoofing and Office remote code execution, some requiring no user interaction.