SANS Stormcast Friday April 11th: Network Infraxploit; Windows Hello Broken; Dell Update; Langflow Exploit
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
4.9 • 696 Ratings
🗓️ 11 April 2025
⏱️ 6 minutes
🧾️ Download transcript
Summary
Network Infraxploit
Our undergraduate intern, Matthew Gorman, wrote up a walk through of
CVE-2018-0171, an older Cisco vulnerability, that is still actively being
exploited. For example, VOLT TYPHOON recently exploited this problem.
https://isc.sans.edu/diary/Network+Infraxploit+Guest+Diary/31844
Windows Update Issues / Windows 10 Update
Microsoft updated its "Release Health" notes with details regarding issues
users experiences with Windows Hello, Citrix, and Roblox. Microsoft also released an emergency update for Office 2016 which has stability problems after applying the most recent update.
https://support.microsoft.com/en-us/topic/april-8-2025-kb5055523-os-build-26100-3775-277a9d11-6ebf-410c-99f7-8c61957461eb
https://learn.microsoft.com/en-us/windows/release-health/windows-message-center#3521
https://support.microsoft.com/en-us/topic/april-10-2025-update-for-office-2016-kb5002623-d60c1f31-bb7c-4426-b8f4-69186d7fc1e5
Dell Updates
Dell releases critical updates for it's Powerscale One FS product. In particular, it fixes a default password problem.
https://www.dell.com/support/kbdoc/en-us/000300860/dsa-2025-119-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities
Langflow Vulnerablity (possible exploit scans sighted) CVE-2025-3248
Langflow addressed a critical vulnerability end of March. This writeup by Horizon3 demonstrates how the issue is possibly exploited. We have so far seen one "hit" in our honeypot logs for the vulnerable API endpoint URL.
https://www.horizon3.ai/attack-research/disclosures/unsafe-at-any-speed-abusing-python-exec-for-unauth-rce-in-langflow-ai/
Transcript
Click on a timestamp to play from that location
| 0:00.0 | Hello and welcome to the Friday, April 11th, |
| 0:03.2 | 2025 edition of the Sands Internet Storm Center's Stormcast. |
| 0:08.5 | My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida. |
| 0:14.0 | Well, when you hear about recent attacks by Walt Typhoon, |
| 0:17.2 | the Chinese threat actor who has been compromising critical infrastructure, you usually think |
| 0:22.5 | about cutting-edge surrey-style exploits. |
| 0:26.2 | Sadly, that's not all there is to it. |
| 0:28.5 | There are also a lot of good old overlooked vulnerabilities. |
| 0:32.6 | And that's what today's diary is about. |
| 0:35.7 | One of our undergraduate interns, Matthew Gorman, looked at |
| 0:40.8 | CVE 2018-0171. This is, as the CVE number implies, an older vulnerability, but still |
| 0:50.3 | currently being actively exploited by threat actors like Walt Typhoon. |
| 0:56.8 | So definitely something to not overlooking infrastructure. |
| 1:00.3 | And Matthew does a great job here in walking you through some of the issues with |
| 1:05.2 | these vulnerabilities, how it's being exploited and how to protect yourself from exploitation, also why some of these |
| 1:14.4 | vulnerabilities are still a problem. |
| 1:18.4 | And then we got a little bit more cleanup for the Microsoft Patch Tuesday this week. |
| 1:23.6 | There were issues with Windows Hello, most importantly. Some users experienced after |
| 1:30.5 | rebooting their system, they could no longer log in via their pin or via facial recognition |
| 1:36.8 | with Windows Hello. Apparently, this effect systems where System Guard secure launch |
| 1:42.5 | or dynamic route of trust for measurement, |
| 1:46.5 | the RTM is enabled. The solution here is to re-enroll your device. There were also updates |
... |
Transcript will be available on the free plan in 7 days. Upgrade to see the full transcript now.
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2025.