
SANS Stormcast Wednesday, March 11th, 2026: Windows, Fortinet, Adobe, and Zoom Patches

If you are not able to play the podcast using the player below: Use this direct link to the audio file: https://traffic.libsyn.com/securitypodcast/9844.mp3

Podcast Transcript

 Hello and welcome to the Wednesday, March 11, 2026
 edition of the SANS Internet Storm Center's Stormcast. My
 name is Johannes Ullrich, recording today from
 Jacksonville, Florida. And this episode is brought to you
 by the SANS.edu Graduate Certificate Program in Cloud
 Security. Well, and today of course, Microsoft's Patch
 Tuesday leads the news. Microsoft did release updates
 fixing 93 vulnerabilities, 9 vulnerabilities in Chromium
 that affect Microsoft Edge. Now, among the vulnerabilities
 we had 8 critical vulnerabilities and 2 that
 were disclosed prior to the day, but this time we had no
 vulnerability that was actually already exploited.
 Now, when it comes to disclosed vulnerabilities, the
 first one is a denial of service vulnerability in
 .NET. Microsoft considers exploitation unlikely. And
 denial of service vulnerabilities, while this
 one doesn't require authentication, it could be
 exploited across the network, it's still not usually sort of
 at the top of the priority. The second one is probably
 even a little bit more interesting. It's a privilege
 escalation in SQL Server. Now, you need to be authenticated
 in this case to then escalate privileges to sysadmin. But
 the scenario that I envision here is where, for example,
 you have a web application or something like this that has
 access to a SQL Server using a lower privileged account.
 Maybe there's a chance here to exploit that, but that's not
 really clear from the advisory. The advisory usually
 is fairly sparse. And then among the critical
 vulnerabilities, there are a couple of them that are
 included in the list here, but they're actually in
 Microsoft's cloud products. And that's, you know, they
 have started doing that in the last few months, sort of for
 transparency where they tell you what they patched in the
 cloud. So those are nothing where you have to do anything
 like there's a Microsoft payment orchestrator. There's
 also a Microsoft ACI confidential containers. These
 four vulnerabilities between those two products are all
 cloud-based. So nothing that you need to do. Probably sort
 of most interesting from exploit point of view are a
 number of Excel and Office remote code execution
 vulnerabilities. That's definitely stuff that you need
 to patch. Also interesting that one of the critical
 vulnerabilities was reported by XBOW, which is a famous AI
 company that basically finds a vulnerability that made quite
 a bit of news like lately. So that's it for Microsoft, but
 Microsoft wasn't alone today when it comes to patches. And
 then continuing with patches, we got patches from Fortinet
 for a number of their products. I'll focus here on
 the high and the one critical vulnerability. There are two
 high vulnerabilities in Fortinet's ranking. They're
 both buffer overflows, one affecting the FortiSwitchAXFixed,
 and that's an LLDP issue. So that's something
 where you need sort of network adjacent traffic in order to
 exploit that. The second one affects Fortinet manager, and
 here in particular, the FGT updates service. So this is
 possibly a little bit more remote exploitable. There's
 one critical vulnerability that was patched yesterday,
 and that vulnerability is really just the OpenSSL patch.
 It was released a week or so ago. I think I mentioned the
 vulnerability here. It's also a potential code execution
 vulnerability in OpenSSL. A lot of dependencies on whether
 or not that's exploitable, but the Fortinet did rate it as
 critical, and a couple different products are
 affected by this vulnerability. And of course,
 we got Adobe 80 vulnerabilities across eight
 different products. And well, if you have been listening to
 this podcast for a while, of course, there are always a
 couple Adobe products I'm particularly interested in.
 Adobe Commerce here is in the list again, with some remote
 code execution vulnerabilities that are exploitable via
 cross-site scripting. And then we also have Adobe Acrobat
 Reader, which suffers from three vulnerabilities. Two of
 them are critical and do allow remote code execution. So
 those, like I said, are usually the products that I
 worry about because Commerce, fairly popular and sort of
 often exposed to the public. And of course, Acrobat Reader,
 probably the most popular product here from Adobe today.
 And Zoom released an update. Zoom usually not sort of a
 participant of a Patch Tuesday, but we got an update
 for Zoom Workplace for Windows fixing one critical
 vulnerability, CVSS score of 9.6. They describe it as an
 external control of file name or path. And apparently if
 you're using the mail feature of Zoom Workplace, that could
 be exploited. I assume it's some kind of attachment or
 such where as you're saving it, the attacker controls
 where the particular file is being saved to. And that of
 course can always then lead to remote code execution if
 you're able to direct the file into some folder or such where
 it's then being executed. And that's it for today. One patch
 sort of, I didn't cover was SAP had a couple of them. So
 if you're running that, double check if there's anything to
 patch, but it's one of the more complex areas. And thanks
 for listening. Thanks for anybody who's leaving good
 comments or subscribing or liking. And as always talk to
 you again tomorrow. Bye. Thank you.