A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
SANS Stormcast Wednesday, July 9th, 2025: Microsoft Patches; Opposum Attack;
July 08, 2025
7:44
1.29 MB ( 5.2 MB less)
Downloads: 0
Microsoft Patch Tuesday, July 2025
Today, Microsoft released patches for 130 Microsoft vulnerabilities and 9 additional vulnerabilities not part of Microsoft's portfolio but distributed by Microsoft. 14 of these are rated critical. Only one of the vulnerabilities was disclosed before being patched, and none of the vulnerabilities have so far been exploited.
https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%2C%20July%202025/32088
Opposum Attack
If a TLS server is configured to allow switching from HTTP to HTTPS on a specific port, an attacker may be able to inject a request into the data stream.
https://opossum-attack.com/
Ivanti Security Updates
Ivanty fixed vulnerabilities in Ivanty Connect Secure, EPMM, and EPM. In particular the password decryption vulnerabliity may be interesting.
https://www.ivanti.com/blog/july-security-update-2025