SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Stormcast, Jan 14 2025: Microsoft Patch Tuesday, FortiOS and FortiProxy Patches; Paessler PRTG Patches
Jan 15, 2025
Microsoft's latest Patch Tuesday updates reveal 209 fixed vulnerabilities, including critical ones that have been actively exploited. The discussion highlights specific risks these vulnerabilities pose to network security. Fortinet raises alarms about an unpatched Node.js authentication bypass that could grant attackers super-admin privileges on FortiOS devices. The podcast also emphasizes the importance of securing admin interfaces and managing software vulnerabilities effectively.
07:48
AI Summary
AI Chapters
Episode notes
Podcast summary created with Snipd AI
Quick takeaways
- Microsoft's January 2025 updates patch 209 vulnerabilities, with three actively exploited, emphasizing the need for user awareness to prevent exploitation.
- Fortinet's warning about an authentication bypass in Node.js highlights the importance of securing admin interfaces to enhance enterprise security measures.
Deep dives
Microsoft Vulnerabilities Review
Microsoft's latest updates address a significant number of vulnerabilities, with a total of 209 identified, including twelve rated as critical. Among these, three remote code execution vulnerabilities specifically target Microsoft Access, despite being classified as important. Exploitation of these vulnerabilities requires user interaction, as attackers must convince victims to open harmful files, which reduces the likelihood of widespread attacks. Additional critical vulnerabilities were noted in services like Azure Marketplace and Microsoft Excel, with potential exploits remaining an area of concern, particularly regarding document interactions.
Remember Everything You Learn from Podcasts
Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.
