SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast Wednesday, May 14th: Microsoft Patch Tuesday; 0-Days patched for Ivanti Endpoint Manager and Fortinet Products

SANS ISC Handlers

Tech News, News, Technology

🗓️ 14 May 2025

⏱️ 7 minutes

Summary


Microsoft Patch Tuesday
Microsoft patched 70-78 vulnerabilities (depending on how you count them). Five of these vulnerabilities are already being exploited. In particular, a remote code execution vulnerability in the scripting engine should be taken seriously. It requires the Microsoft Edge browser to run in Internet Explorer mode.
https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%3A%20May%202025/31946

Security Advisory Ivanti Endpoint Manager Mobile (EPMM) May 2025 (CVE-2025-4427 and CVE-2025-4428)
Ivanti patched an authentication bypass vulnerability and a remote code execution vulnerability. The authentication bypass allows the remote code execution vulnerability to be exploited without authenticating first.
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM?language=en_US

Fortinet Patches Exploited Vulnerability in API (CVE-2025-32756)
Fortinet patched an already exploited stack-based buffer overflow vulnerability in the API of multiple Fortinet products. The vulnerability is exploited via crafted HTTP requests.
https://fortiguard.fortinet.com/psirt/FG-IR-25-254

Transcript

0:00.0

Hello and welcome to the Wednesday, May 14th, 2025 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich, and today's Stormcast is brought to you by the SANS.edu certificate program in cloud security from Jacksonville, Florida.

0:20.3

And the highlight today, of course, is Microsoft's Patch Tuesday.

0:23.8

We had patches for 78 vulnerabilities in May.

0:28.1

Eight of them had already been patched earlier,

0:30.8

but the 70 new vulnerabilities being announced as part of this release.

0:37.3

Out of the 78 vulnerabilities, 11 are critical, and the number that's a little bit higher

0:43.1

than normal is that we have five already exploited vulnerabilities that are being patched

0:49.1

today.

0:50.2

Now, out of those five vulnerabilities, there are four privilege escalation vulnerabilities.

0:58.1

And the sort of couple, I call them always friends of the show here, the Windows Common Log File System Driver elevation of privilege vulnerability.

1:08.3

That's something we had a couple of times before already.

1:12.4

That's the old problem where this log file system driver is running with elevated privileges.

1:18.2

It has to parse various log formats and that often fails.

1:24.8

So definitely something to be aware of.

1:30.2

There was one code execution vulnerability here and this is the scripting engine memory corruption vulnerability. However,

1:38.1

this vulnerability is only exploitable if you are running Microsoft Edge in Internet Explorer mode,

1:47.6

because that scripting engine is that leftover part from Internet Explorer.

1:52.9

Probably do some configuration checks and such,

1:55.9

make sure that this doesn't happen unintentionally.

1:58.2

I can imagine where developers,

2:01.3

maybe some system administrators

2:02.6

that need access to legacy tools and such,

...

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
