

SANS Stormcast Thursday, August 14th, 2025: Equation Editor; Kerberos Patch; XZ-Utils Backdoor; FortiSIEM/FortiWeb patches
Aug 14, 2025
Old vulnerabilities are still posing serious threats, with a 2017 Excel exploit actively targeting users to steal passwords. Microsoft recently patched a critical Kerberos privilege escalation flaw impacting Exchange servers. There's a lurking backdoor in outdated Debian Docker images stirring concerns about software safety. Plus, Fortinet is addressing exploited vulnerabilities in their security products. These discussions highlight the ongoing challenges in cyber security and the importance of staying vigilant against both old and new threats.
AI Snips
Old Equation Editor Still Exploited
- Xavier found an .xlam Excel file that exploited the old 2017 Equation Editor vulnerability instead of using macros.
- The file triggered a downloader that ran an infostealer which exfiltrated passwords via email.
Mitigate Legacy-Vulnerability Risk
- Expect older disclosed vulnerabilities to remain exploitable in the wild and monitor legacy file types accordingly.
- Keep isolated VMs for testing and block common outbound channels like unauthorized SMTP to limit exfiltration.
Kerberos Path Traversal Enables Dangerous Pivot
- A disclosed Exchange/Hybrid Kerberos flaw can let an Exchange admin pivot to domain controllers using path traversal in Kerberos.
- Public disclosure before a patch is available makes such flaws especially risky in hybrid environments.