SANS Stormcast Wednesday, June 10th, 2026: Microsoft Patch Tuesday; Miasma Source Published; Fortinet Patches
If you are not able to play the podcast using the player below: Use this direct link to the audio file: https://traffic.libsyn.com/securitypodcast/9966.mp3
Microsoft June 2026 Patch Tuesday
https://isc.sans.edu/diary/Microsoft%20June%202026%20Patch%20Tuesday/33064
Miasma Software Supply Chain Attack Toolkit Source Published
https://safedep.io/inside-the-miasma-supply-chain-attack-toolkit/
Fortinet FortiSandbox Vulnerability
https://fortiguard.fortinet.com/psirt/FG-IR-26-141
My Upcoming Classes
https://www.sans.org/profiles/dr-johannes-ullrich

| Course | Location | Time Zone | Dates |
|---|---|---|---|
| Network Monitoring and Threat Detection In-Depth | Online | Arabian Standard Time | Jun 27th - Jul 2nd 2026 |
| Network Monitoring and Threat Detection In-Depth | Riyadh | | Jun 27th - Jul 2nd 2026 |
| Application Security: Securing Web Apps, APIs, and Microservices | Washington | | Jul 13th - Jul 18th 2026 |
| Application Security: Securing Web Apps, APIs, and Microservices | Online | British Summer Time | Jul 27th - Aug 1st 2026 |
| Application Security: Securing Web Apps, APIs, and Microservices | Las Vegas | | Sep 21st - Sep 25th 2026 |
| Network Monitoring and Threat Detection In-Depth | Amsterdam | | Nov 9th - Nov 14th 2026 |
| Application Security: Securing Web Apps, APIs, and Microservices | Washington | | Dec 14th - Dec 18th 2026 |
Podcast Transcript
Hello and welcome to the Wednesday, June 10th, 2026 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich, recording today from Jacksonville, Florida. This episode is brought to you by the SANS.edu graduate certificate program in incident response.

Well, it's Patch Tuesday, so let's start with what Microsoft had to offer today. And we got patches for 204 vulnerabilities, which actually just covers the Microsoft part here. There are also 360 vulnerabilities being addressed this month in Chromium, which then does affect the Edge browser created by Microsoft. So we certainly start seeing sort of some of the AI creation effect here coming in with the larger number of vulnerabilities in total. However, I think one thing to consider here is, it's not necessarily that there are more vulnerable products. So you still need to patch about the same number of products, which in particular in the Chromium case, well, keep Edge up to date. And that takes care of over half of the vulnerabilities this month as far as Microsoft is concerned.

But let's go back to the vulnerabilities here. There are six of the vulnerabilities that affect Microsoft cloud solutions. So you don't have to do anything about it. Among the other vulnerabilities, there are 38 critical ones and three that were disclosed before today, but not yet exploited. Now, one of these disclosed vulnerabilities is the BitLocker bypass. There was quite a bit of talk about that. Now, there are two additional BitLocker bypass vulnerabilities actually that have been patched here. So it's not just the one that Nightmare Eclipse published a couple of weeks ago.

Now, there are also two vulnerabilities affecting HTTP.sys. That's essentially Microsoft's web server engine. One of the vulnerabilities was already talked about; that one has already been disclosed as well. It's this compression bomb vulnerability in the HPACK algorithm in HTTP/2. Also, of course, it affects HTTP/3. Now, Microsoft is mitigating this with a max headers count registry setting that you can then basically set to a reasonable limit, and that restricts how many headers will be analyzed in incoming requests. The second HTTP.sys vulnerability has not yet been disclosed and is certainly interesting because it does lead to remote code execution. It's an integer overflow vulnerability. It does require an oversized request to trigger it. So if you have some kind of application firewall or such, they often may already restrict request sizes. And they also, as a workaround, recommend setting the max request bytes setting in the registry in order to basically limit the maximum size of a request that HTTP.sys will analyze. You have to be a little bit careful with this, of course. If you do allow large downloads to your web server, then you may not want to set this too small. But for most web servers, you have fairly limited sizes on requests. So those are, I think, sort of the real big interesting ones.

There's also a stack-based buffer overflow in Active Directory Domain Services. It does require some authentication, but does not require administrator access and such. And Microsoft considers exploit development here as unlikely. And then we also have a good number of critical vulnerabilities in Microsoft Office, Outlook, Word. So, now, that usual set of software that always has a couple of critical ones. That's sort of the bulk of the critical vulnerabilities this month as far as Microsoft is concerned.

As far as patch priority goes, definitely watch that HTTP.sys if you have any exposed web servers running. That's definitely something that I would focus on. Other than that, I don't sort of see any sort of critical, absolutely-patch-now issue. The BitLocker stuff, yes, you know, has been known now for a while. But again, the attack surface is a little bit limited. It's really sort of more these evil maid attacks and such that you're worried about. Not so much, like, you know, a server issue or anything like that with these BitLocker vulnerabilities. But yes, basically apply them in accordance with your vulnerability management program. But I don't think there's sort of any reason to rush out anything here.

And then just a quick sort of follow-up on the Miasma software supply chain attack. That's the latest incarnation of sort of these GitHub attack tools like Team PCP or Shai Hulud. Well, that particular toolkit is now open source. There were a number of GitHub repositories that were set up with the software. So just expect more of the same based on this release. Microsoft also reinstated some of the repositories that they took offline because of this attack. So if you rely on any of that software, still, of course, be careful and pin your versions, pin to hashes, and make sure that you are actually loading it from the correct source. I would still, you know, go to the original source. Whenever, you know, a repository like this is being taken offline, you sometimes have, often with good intentions, people setting up copies of it and such. Please don't use them. You know, stick with the original. That at least will, again, minimize your attack surface here a little bit.

And Fortinet published yet another OS command injection vulnerability in FortiSandbox. Now, they describe it as an injection via JSON input on the start VNC feature. Not a lot of additional details here, but we have seen a number of these types of vulnerabilities in FortiSandbox recently. So definitely, I would patch it quickly because it's not a typical one where ransomware actors or such may be working on an exploit.

Well, and that's all I have time for today. So a couple of other patches and such I may cover tomorrow as appropriate. Let me know if there are particular patches that I missed. We have usually quite a few that are being released on Patch Tuesday. So thanks for listening. Thanks for any feedback. Thanks for recommending this podcast, and talk to you again tomorrow. Bye.
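As an added example, not code from the podcast or from the Miasma write-up, of the "pin your versions, pin to hashes, and load it from the correct source" advice in the Miasma segment above: a small Python check that refuses a downloaded artifact unless its source host is on an allowlist and its version and SHA-256 match a pin file. The requirements-style pin format, the allowed hosts, and the sample artifact are all assumptions constructed for this demo.

```python
import hashlib
import re
from urllib.parse import urlparse

# Assumed pin-file line format (pip requirements style): name==version --hash=sha256:<hex>
PIN_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9_.\-]+)==(?P<version>\S+)\s+--hash=sha256:(?P<sha>[0-9a-f]{64})$"
)

# Assumption: the only hosts you fetch artifacts from (the "original source", not ad-hoc mirrors).
ALLOWED_HOSTS = {"files.pythonhosted.org", "github.com"}


def parse_pins(text):
    """Parse pinned requirements; reject any line not pinned to BOTH a version and a hash."""
    pins = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = PIN_RE.match(line)
        if not m:
            raise ValueError(f"unpinned or malformed requirement: {line!r}")
        pins[m["name"].lower()] = (m["version"], m["sha"])
    return pins


def verify_artifact(pins, name, version, source_url, data):
    """Return (ok, reason): checks source host, then version pin, then sha256 of the bytes."""
    host = urlparse(source_url).hostname or ""
    if host not in ALLOWED_HOSTS:
        return False, f"untrusted source host {host!r}"
    pin = pins.get(name.lower())
    if pin is None:
        return False, f"{name} is not pinned"
    if pin[0] != version:
        return False, f"version {version} does not match pinned {pin[0]}"
    digest = hashlib.sha256(data).hexdigest()
    if digest != pin[1]:
        return False, "sha256 mismatch: artifact altered or replaced"
    return True, "ok"


# Constructed sample artifact; the pin file is derived from it here (not a real package hash).
GOOD_ARTIFACT = b"demo-lib 1.2.0 wheel contents (constructed sample)"
PIN_TEXT = "demo-lib==1.2.0 --hash=sha256:" + hashlib.sha256(GOOD_ARTIFACT).hexdigest()
PINS = parse_pins(PIN_TEXT)

if __name__ == "__main__":
    print(verify_artifact(PINS, "demo-lib", "1.2.0", "https://github.com/x/demo-lib.whl", GOOD_ARTIFACT))
    print(verify_artifact(PINS, "demo-lib", "1.2.0", "https://mirror.example/demo-lib.whl", GOOD_ARTIFACT))
```

A tampered copy, a re-uploaded mirror, or a silently bumped version each fail a different check, so the reason string tells you which control tripped.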