
SANS Internet StormCast
The December 10, 2025 Stormcast opened with a concise review of Microsoft's Patch Tuesday. Out of 57 disclosed vulnerabilities, only three earned a critical rating, and the most urgent issue was a privilege-escalation flaw in the Cloud Files Mini-filter driver that is already being weaponized. Microsoft also refined the `Invoke-WebRequest` PowerShell cmdlet, adding a warning to curb inadvertent code execution, and tightened constraints on the GitHub Copilot plug-in for JetBrains IDEs, reflecting growing concerns around AI-driven code injection.
Adobe's update slate was lighter than usual, covering five products but spotlighting two high-risk fixes. ColdFusion suffered an unconstrained file-upload vulnerability that could enable remote code execution via a malicious web shell, while Acrobat Reader addressed classic PDF-based code-execution exploits. Ivanti (formerly Avanti) released a critical patch for Endpoint Manager, fixing a stored cross-site scripting flaw in admin sessions that earned a CVSS 9.6 score, potentially allowing attackers to hijack privileged browsers. Fortinet warned of an authentication-bypass bug affecting all devices using its FortiCloud single-sign-on service, urging administrators to disable the feature until patched. A final note covered a Ruby SAML library parser discrepancy, closing a lingering XML parsing issue.
For enterprise security teams, these updates underscore the importance of rapid patch management and layered defenses. While Microsoft’s overall patch load was modest, the presence of an actively exploited driver bug demands immediate remediation. Adobe and Ivanti’s high‑severity flaws illustrate that even routine product lines can harbor critical weaknesses, especially in file‑handling and admin interfaces. Organizations should prioritize disabling vulnerable SSO pathways, enforce strict code‑execution policies in PowerShell scripts, and validate third‑party libraries such as Ruby SAML parsers. Proactive monitoring, timely patch deployment, and continuous threat‑intel integration remain essential to mitigate the evolving exploit landscape.
Microsoft Patch Tuesday
https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20December%202025/32550
https://helpx.adobe.com/security.html
https://forums.ivanti.com/s/article/Security-Advisory-EPM-December-2025-for-EPM-2024?language=en_US
https://fortiguard.fortinet.com/psirt/FG-IR-25-647
https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-9v8j-x534-2fx3