SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) SANS Stormcast Wednesday, April 10th: Microsoft Patch Tuesday; Adobe Patches; OpenSSL 3.5 with PQC; Fortinet
6 snips
Apr 9, 2025 This installment dives into critical vulnerabilities revealed in Microsoft's latest patch updates, stressing the urgency to address them. Adobe's patches for various products, particularly Coldfusion's remote code execution weaknesses, are also highlighted. The release of OpenSSL 3.5 grabs attention with its support for post-quantum ciphers, marking a significant advance in security. Additionally, an update from Fortinet addresses a concerning vulnerability that could allow password resets without verification, emphasizing the need for vigilance in cybersecurity.
AI Snips
Chapters
Transcript
Episode notes
Log File System Driver Vulnerability
- The Windows log file system driver's kernel-level access makes it vulnerable.
- Its parsing of potentially hostile content introduces further risk.
Patching Priorities
- Prioritize patching RDP and LDAP servers due to high exposure.
- Then, patch Office products because they represent a large attack surface.
Adobe Updates
- Update Adobe ColdFusion and Commerce promptly.
- ColdFusion has critical remote code execution vulnerabilities.