SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) SANS Stormcast Monday, January 26th, 2026: FortiOS SSO Vuln Updates; Outlook OOB Update; VMware vCenter Exploited
6 snips
Jan 26, 2026 A rundown of a FortiOS SAML single-sign-on bypass and why any SAML integration can be at risk. Discussion of a Microsoft out-of-band Outlook update that fixes issues from recent patches. Coverage of VMware vCenter vulnerabilities that are now being actively exploited and advice on avoiding publicly exposed admin interfaces.
AI Snips
Chapters
Transcript
Episode notes
Disable FortiOS SSO Immediately
- Disable single sign-on on FortiOS until Fortinet provides a patch to prevent SAML bypass risks.
- Treat all SAML integrations with FortiOS as potentially vulnerable, not just FortiCloud setups.
SAML Validation Flaw Is Widespread
- Fortinet's issue stems from how FortiOS validates SAML messages, so any SAML provider could be abused.
- This repeats a pattern where incorrect SAML implementations allow authentication bypasses.
Install Outlook OOB Update If Affected
- Apply Microsoft's out-of-band Outlook update if you see hang or PST-on-OneDrive issues after January patches.
- Skip the update only if you do not experience the Outlook problem described in the advisory.