SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast Wednesday, June 11th, 2025: Microsoft Patch Tuesday; Acrobat Patches


SANS ISC Handlers

Tech News, News, Technology


🗓️ 11 June 2025

⏱️ 7 minutes


Summary


Microsoft Patch Tuesday
Microsoft today released patches for 67 vulnerabilities. 10 of these vulnerabilities are rated critical. One vulnerability has already been exploited and another vulnerability has been publicly disclosed before today.
https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20June%202025/32032
Adobe Vulnerabilities
Adobe released patches for 7 different applications. Two significant ones are Adobe Commerce and Adobe Acrobat Reader. All vulnerabilities patched for Adobe Commerce can only be exploited by an authenticated user. The Adobe Acrobat Reader vulnerabilities are exploited by a user opening a crafted PDF, and the exploit may execute arbitrary code.
https://helpx.adobe.com/security/Home.html

Transcript


0:00.0

Hello and welcome to the Wednesday, June 11, 2025 edition of the SANS Internet Storm Center's

0:07.9

Stormcast. My name is Johannes Ullrich, and this episode, brought to you by the SANS.edu Bachelor's

0:14.7

Degree Program in Applied Cybersecurity, is recorded in Jacksonville, Florida.

0:21.2

Well, of course, today we have to start with Microsoft Patch Tuesday.

0:26.0

Microsoft released a little bit lighter, I would say,

0:29.0

than average Patch Tuesday with 67 vulnerabilities being patched,

0:34.4

10 vulnerabilities being rated critical,

0:37.0

and then one being already exploited,

0:40.0

and one being disclosed before today. It was actually one of the 67 vulnerabilities

0:46.4

that had already been patched, announced by Microsoft before today.

0:59.4

But anyway, so let's take a look at some noteworthy vulnerabilities here.

1:03.0

The first one, of course, the one that's already being exploited.

1:05.8

This is a WebDAV vulnerability. If you're not familiar with WebDAV, it's an extension to HTTP.

1:10.3

It is essentially allowing you to use a web

1:13.2

server, kind of like a remote file system, SharePoint, systems like this, like this. I have also

1:21.1

seen this sometimes being used, for example, to manage files on a web server. Not the greatest idea, but certainly has been used like this.

1:32.4

When I first saw WebDAV, I was a little bit afraid that this is something like an IIS or not a server component here.

1:39.3

However, this is in the client component.

1:42.6

In order to exploit this, you have to trick the client to actually

1:46.7

connect to a particular WebDAV resource. Well, this is not necessarily that crazy difficult.

1:54.8

The really interesting part here, and a little bit of a difficult part here is that this vulnerability

2:00.2

is in one of these leftover

...
