SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) SANS Stormcast Wednesday, September 10th, 2025: Microsoft Patch Tuesday;
6 snips
Sep 10, 2025 This edition dives into the latest Microsoft Patch Tuesday, tackling 177 vulnerabilities, with 13 deemed critical. Surprisingly, none had been previously exploited. The discussion also highlights Adobe's patches for nine products and the critical vulnerabilities addressed by SAP, including one with a perfect CVSS score. Timely updates are emphasized as crucial to maintaining system security.
AI Snips
Chapters
Transcript
Episode notes
Patch Count Misleads About Scope
- Microsoft fixed 177 vulnerabilities but only 86 affected Microsoft products due to included Linux and cloud distro issues.
- Many fixes relate to Azure and Windows Subsystem for Linux and are mostly open-source issues already known.
Cloud Fixes Inflate Patch Lists
- Microsoft sometimes omits cloud/backend vulnerability details because fixes are applied on their side and customers don't patch them.
- This leads to listings that include cloud-specific Linux distro issues unfamiliar to standard Windows admins.
Stick To Regular Microsoft Patch Rhythms
- You should apply Microsoft patches according to your normal patch cycle and not rush unless you have specific exposure.
- Prioritize getting updates done before the next Patch Tuesday to stay current.