Hello and welcome to the Tuesday, August 26, 2025
edition of the SANS Internet Storm Center's Stormcast. My
name is Johannes Ullrich, recording today from
Baltimore, Maryland. And this episode is brought to you by
the SANS.edu Bachelor's Degree Program in Applied
Cybersecurity.

Jesse today summarized some interesting
research that he performed looking into the reading
location position value in Microsoft Word documents. What
this refers to is if you open a document that you have
looked at before, you may get a pop-up telling you, hey, do
you just want to basically continue where you left off
last time you opened this document? Well, it turns out
that this position is stored inside the registry, but it's
not quite that straightforward to decode the value that you
find in the registry. And that's essentially what Jesse
is walking you through here, figuring out how to decode the
value defined in the registry, how to link it to a particular
position in the document. Interesting way this is sort
of being determined here and some interesting experiments
as well may be useful if you have to prove, for example,
that a user has read a particular part of the
document or maybe modified a particular part of the
document that they visited just when they last time
closed the document.

And the Trail of Bits blog has an
interesting attack against AI systems that are processing
images among other data. The problem there or the feature
really that they're exploiting is downscaling. Quite often
when you are loading an image into an AI system, the AI
system will then reduce the resolution in order to
basically allow for more efficient processing of the
image. But what the Trail of Bits blog is exploiting here
is that, well, of course, as you're downscaling, there are
subtle changes to the image. And by preparing an
appropriate image, it's actually possible that there
will be text overlaid to the image as you're downscaling
it. And then we have that usual problem that we have so
often in AI systems, prompt injection because they just
can't sort of keep data and code separate. And of course,
that classic bad pattern sort of kicks in here and an
attacker is able to essentially inject a prompt
just by uploading an image or by tricking the victim into
uploading the image because in the original resolution, the
text will not be visible and there won't be anything
obviously wrong with the image. Trail of Bits suggests
that you should refrain from downscaling images, that
instead you just limit the allowable resolution of the
image. That way, a user uploading an image would first
have to downscale it themselves, which of course
would first of all make the algorithm a little bit less
predictable to the attacker. And secondly, the victim may
then be able to actually see the text. Even though in the
example that Trail of Bits has here as part of their blog,
the text is not very visible to a human. And there have
actually been similar attacks also, where basically you have
text that's not very visible to a human but can be seen and
interpreted by the AI tool that interprets the image.
Well, basically bypass sort of any kind of cursory, at least
visible, this inspection of the image.

And IBM is advising
users to quickly patch their IBM Jazz Team Server. The
vulnerability being addressed in the latest update that was
just released well, Friday last week, allows for an
unauthenticated remote attacker to update server
configuration files, which as IBM puts it, could lead to
perform unauthorized actions. I call it remote code
execution, and the CVSS score of 9.8 kind of speaks to that.
They also say that subsequently it will lead to a
denial of service condition, which of course, if you do
have unauthorized actions taking place first, is
probably the least of your problems.

Well, that is it for
today. So thanks for listening. Thanks for liking,
subscribing, and recommending this podcast. And talk to you
again tomorrow. Bye.