SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast Wednesday, July 23rd, 2025: Sharepoint 2016 Patch; MotW Privacy and WinZip; Interlock Ransomware; Sophos Patches

SANS ISC Handlers

Tech News, News, Technology

🗓️ 23 July 2025

⏱️ 6 minutes

Summary


Microsoft Updates SharePoint Vulnerability Guidance CVE-2025-53770 and CVE-2025-53771
Microsoft released its update for SharePoint 2016, completing the updates across all currently supported versions.
https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/
WinZip MotW Privacy
Starting with version 7.10, WinZip introduced an option to no longer include the download URL in zip files as part of the Mark of the Web (MotW).
https://isc.sans.edu/diary/WinRAR%20MoTW%20Propagation%20Privacy/32130
Interlock Ransomware
Several government agencies collaborated to create an informative and comprehensive overview of the Interlock ransomware. Just like prior writeups, this writeup is very informative, including many technical details useful to detect and block this ransomware.
https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-203a
Sophos Firewall Updates
Sophos patched five different vulnerabilities in its firewalls. Two of them are critical, but these only affect a small percentage of users.
https://www.sophos.com/en-us/security-advisories/sophos-sa-20250721-sfos-rce

Transcript

0:00.0

Hello and welcome to the Wednesday, July 23rd, 2025 edition of the SANS Internet Storm Center's Stormcast.

0:08.1

My name is Johannes Ullrich, recording today from Jacksonville, Florida.

0:12.2

And this episode is brought to you by the SANS.edu bachelor's degree program in Applied Cybersecurity.

0:21.4

SharePoint is still at the top of everybody's mind, and the ToolShell vulnerability is still

0:28.6

being exploited. Microsoft has now also released an update for SharePoint 2016.

0:35.6

Yesterday, we only had the update for 2019 and for the subscription edition.

0:41.6

Another thing to point out here, there are actually two files that you need to download and apply

0:46.3

for 2019 and 2016. The first one is the security update for SharePoint itself. And then there is a second one, the language

0:56.4

pack. When you install the security update for Microsoft SharePoint, you will have to reboot

1:02.7

your system, and then you'll apply the language pack. The language pack update does not

1:09.1

require another reboot,

1:11.6

but you can't apply them at the same time,

1:13.7

tried it to save some time,

1:15.5

and, well, they're actually then failing,

1:18.5

so make sure you apply one after the other.

1:21.9

There's another thing that I think has been a little bit overlooked

1:25.4

in all of this,

1:26.8

and that's step four here in Microsoft's response timeline that they published

1:34.1

as part of this update.

1:38.6

The early exploits that were used against SharePoint that took advantage of this vulnerability,

1:45.5

they all had in common that they stole the system machine keys.

1:50.0

And well, that's actually a common thing to do if you're exploiting a .NET application.

...
