Hello and welcome to the Wednesday, November 12, 2025 edition of the Sands Internet Storm Center's Stormcast.

My name is Johannes Ulrich, recording today from Jacksonville, Florida.

And this episode is brought you by the Sands.edu graduate certificate program in cyber defense

operations. And of course, today we have to start with Microsoft's patch Tuesday. Microsoft

patched, according to our account, 80 different vulnerabilities, seen others come up with 60-something

vulnerabilities. Again, that all depends

on what you're exactly counting here. If some of the edge vulnerabilities are really chromium

vulnerabilities are being included or not. But either way, we got one vulnerability that is

actually actively being exploited and, that Microsoft rated critical.

So first, let's start with the actively exploited vulnerability. That's actually just an

important vulnerability. It's a privilege escalation vulnerability in the Windows kernel.

We had plenty of them before, so wouldn't really get too overly excited about them.

They're usually parts of more complex attack chains, but by themselves, these vulnerabilities,

because we had so many of them in the past, are relatively straightforward to exploit for

an attacker. Looking at some of the critical vulnerabilities,

we do have a remote code execution vulnerability in GDI Plus.

The reason I emphasize this one particular is

because pretty much any image being rendered at some point goes through GDI Plus.

So there's a huge attack surface here,

and this is definitely a vulnerability that you need to watch.

There was also a second, a little bit similar vulnerability,

a DirectX vulnerability,

...