SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast Thursday, June 12th, 2025: Quasar RAT; Windows 11 24H2 Delay; SMB Client Vuln PoC; Connectwise Signing Keys; KDE Telnet code exec

Jun 12, 2025
Discover the sneaky Quasar RAT that can be installed via batch files, with its code hidden within PNG images. Microsoft is delaying the Windows 11 24H2 rollout due to unexpected issues from the latest updates. An exploration of a newly patched SMB client vulnerability reveals its exploitation potential. ConnectWise is taking security seriously by rotating signing certificates after a compromise. Lastly, the KDE terminal presents a concerning vulnerability that may allow arbitrary code execution through telnet URLs. Stay informed and secure!
ANECDOTE

Quasar RAT via Stealthy Batch Files

  • Xavier demonstrated how a batch file can stealthily lead to the installation of a Quasar RAT through an image with encrypted code.
  • The process also loads a normal Word document to disguise malicious activity, fooling users into a false sense of security.
ADVICE

Windows 11 24H2 Update Delay

  • If you run Windows 11, expect a slow rollout of the 24H2 update due to earlier hardware-related issues.
  • Wait for Microsoft to resolve these issues before updating to avoid disruptions.
INSIGHT

SMB Client Vulnerability Deeper Insight

  • The SMB client vulnerability patched in this Patch Tuesday allows code execution as SYSTEM, not just privilege escalation.
  • The exploit complexity lies in reflection attacks that bypass traditional NTLM protection.