Hello and welcome to the Wednesday, October 15th, 2025 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich, recording today from Jacksonville, Florida. And this episode is brought to you by the SANS.edu Graduate Certificate Program in Cybersecurity Leadership.

And of course, it's Microsoft Patch Tuesday, and we'll have to talk a little bit about some of the patches released today. But I want to start out by talking about some of the software that will no longer be supported after today.

First of all, Windows 10. Windows 10: no official free updates after today. You can sign up for the Extended Security Updates, which in the US cost you some money. I think it's like $20 or $30 or such a year. It's not terribly expensive. In the European Union, I believe it's free. Not sure exactly what it'll cost you in other countries. On the other hand, well, they really want you to upgrade to Windows 11, and that's sort of the obvious path here. There were some issues creating the disks to update to Windows 11. That should also be fixed now.

Office 2016 and 2019: also no more updates after today. Microsoft's goal here is to get you to sign up for Office 365. But if you insist on having your own copy of Office, there is still Office 2024 available, and that's also an extended update release, so you should get updates for quite a few years to come.

Exchange Server 2016 and 2019: no more updates after today. Here you have the Exchange Server Subscription Edition to use for those who still need Exchange Server on premise. And last time I pointed out that Microsoft really wants you to move away from that. Well, there are actually still some reasons why you need Exchange Server on premise, and for those people, there is the Exchange Server Subscription Edition. And as the name implies, you are now signed up for an annual subscription with that version. And of course, for your sort of external email needs, you probably just want to go with the cloud solution again here and no longer maintain anything on premise, if you can help it, at least nothing that's sort of exposed to the outside.

So these are the big software packages that are no longer supported. Other than that, there were 157 different vulnerabilities that I counted. Now, you may see different counts around here. What I noticed in this particular update: there were a lot of Azure vulnerabilities. I don't count them since there's nothing really you need or have to do for these particular vulnerabilities. Also, some vulnerabilities in third-party open source software were included in the vulnerability feed here by Microsoft. So I focused on really the ones that, you know, are in Microsoft's own software.

And here, sort of interesting, we got some Copilot spoofing vulnerabilities that are rated as critical. And that's of course, now with Copilot becoming a bigger and bigger part, definitely something that you should consider here. Also, Microsoft 365 Copilot: also a critical spoofing vulnerability here for this software. Excel, we got again a bunch of different remote code execution vulnerabilities. One of them is rated critical. And also some generic Microsoft Office remote code execution vulnerabilities that are rated critical. And remember, if they're rated critical, it usually means no user interaction is required.

There are three vulnerabilities that were either publicly known or already exploited. One of them is in the Windows Agere modem driver. I wasn't really familiar with an Agere modem, so I did some googling, and it looks like that's basically a chipset that's often used in USB modems that are used, like, you know, for receiving faxes and such, if that's still a thing for you. But remember, even if you aren't receiving faxes with your PC, you probably have that driver installed. And it's a privilege escalation vulnerability, so it would be a typical vulnerability to be exploited by these, you know, vulnerable-driver kind of exploits. And that's probably also how it got exploited. The other vulnerability in this category is a Windows Remote Access Connection Manager vulnerability. Again, software that you're probably not using but have installed, and that's also a privilege escalation vulnerability.

So overall, it's quite a few different vulnerabilities here in this update. Nothing that I would sort of rate as overly critical in the sense that you must patch now. Roll it out in accordance with your normal vulnerability management system.

And then we have two updates, or two vulnerabilities, being patched by Fortinet. The first vulnerability is what they call a restricted CLI command bypass. And what it refers to is that a normal authenticated user is able to execute system commands. The second vulnerability that they're addressing here is a weak authentication in the WAD GUI. This is really just that brute force protection is missing, so attackers are able to brute force usernames and passwords. If you have a good username and password, then it should be less of an issue. But again, apply the patches. None of them I would rate as super critical. The first one, you require authentication first to exploit it. The second one, well, if you have some reasonable passwords, it should hopefully take an attacker a while to guess those passwords.

Well, and that's what we have time for today. There are a couple more Adobe updates and such I'll cover tomorrow. And thanks for listening. Thanks for subscribing. Thanks for liking this podcast, and talk to you again tomorrow. Bye.