SANS Stormcast Wednesday, August 13th, 2025: Microsoft Patch Tuesday; libarchive vulnerability upgrade; Adobe Patches
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
4.9 • 696 Ratings
🗓️ 13 August 2025
⏱️ 9 minutes
🧾️ Download transcript
Summary
Microsoft Patch Tuesday
https://isc.sans.edu/diary/Microsoft%20August%202025%20Patch%20Tuesday/32192
https://cymulate.com/blog/zero-click-one-ntlm-microsoft-security-patch-bypass-cve-2025-50154/
libarchive Vulnerability
A libarchive vulnerability patched in June was upgraded from a low CVSS score to a critical one. Libarchive is used by compression software across various operating systems, making this a difficult vulnerability to patch
https://www.freebsd.org/security/advisories/FreeBSD-SA-25:07.libarchive.asc
Adobe Patches
Adobe released patches for 13 different products.
https://helpx.adobe.com/security/Home.html
Transcript
Click on a timestamp to play from that location
| 0:00.0 | Hello and welcome to the Wednesday, August 13th, 2025 edition of the Sands Internet Storm Center's Stormcast. |
| 0:12.2 | My name is Johannes Ulrich, recording today from Jacksonville, Florida. |
| 0:17.4 | And this episode is brought to you by the Sands.edu credit certificate program in cyber security engineering. |
| 0:25.5 | Well, it's patch Tuesday, so we got to start with that. We got patches for a total of 111 different vulnerabilities. |
| 0:33.8 | 17 of them were classified as critical. And one of the vulnerabilities was already disclosed prior to this patch, but, well, not yet exploited. |
| 0:46.0 | And also, it's just a moderate vulnerability. |
| 0:50.4 | Looking at the vulnerabilities this month, there's sort of one thing that I think is for the first time at least that I notice it really here. |
| 0:58.9 | And that's what we are seeing some cloud vulnerabilities that are being disclosed here, like these Azure Open AI, Azure Portal, Elevation or Proledge vulnerabilities. |
| 1:08.9 | This is something that Microsoft does now in order |
| 1:11.8 | to be more transparent about vulnerabilities in its cloud infrastructure. A few months or was it |
| 1:18.6 | years ago, they started that push to basically do what they did with trusted computing back |
| 1:24.0 | in a day for their cloud properties. And the good part here is that there's nothing you need to do about these vulnerabilities. |
| 1:31.9 | These are vulnerabilities that Microsoft already has taken care of for you |
| 1:36.1 | because while they're in software that Microsoft operates in its cloud. |
| 1:42.0 | In this thing here, the Azure Open AI elevation of privilege |
| 1:45.1 | vulnerability that got a complete 10 out of 10 for its CVSS score. Couldn't sort of find a lot |
| 1:54.2 | of details about this vulnerability, but definitely interesting that a privilege and elevation |
| 1:59.8 | of privilege vulnerabilities is getting a full 10 here. |
| 2:04.1 | There are a couple of other sort of critical vulnerabilities that fall in this category, |
| 2:07.8 | pretty much the top view vulnerabilities in our table that are critical are all Azure vulnerabilities. |
| 2:16.7 | The remaining critical vulnerabilities, many of them in |
| 2:21.0 | office products, and then also sort of the usual set of graphics drivers and such that are |
... |
Transcript will be available on the free plan in 22 days. Upgrade to see the full transcript now.
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2025.