SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast Wednesday, January 14th, 2026: Microsoft, Adobe and Fortinet Patches; ConsentFix

Jan 14, 2026
Microsoft faces a significant security challenge with 113 vulnerabilities patched, including an issue already exploited in the wild. Adobe also updates ColdFusion and Acrobat Reader, addressing serious code execution risks. Fortinet's patches tackle a dangerous buffer overflow and SSRF issues. The podcast dives into the ConsentFix attack, a method in which attackers manipulate OAuth consent using fake CAPTCHAs. The discussion emphasizes user awareness in combating such credential theft tactics.
INSIGHT

Patch Tuesday Scope And Risk

  • Microsoft January 2026 Patch Tuesday fixed 113 vulnerabilities including one in-the-wild exploit and one publicly disclosed issue.
  • Eight critical bugs and a mix of important fixes mean organizations should triage based on exposure and exploitability.
INSIGHT

Secure Boot Certificate Expiration Risk

  • A publicly disclosed Secure Boot certificate rotation issue could allow a bypass once certificates expire if they are not updated.
  • The update refreshes certificates to prevent expiration-based bypasses, restoring Secure Boot protections.
INSIGHT

LPC Port Flaw Enables Follow-On Attacks

  • An exploited LPC port vulnerability is primarily an information disclosure issue that can enable follow-on attacks.
  • Microsoft rates it important, indicating attackers may chain it into more severe exploits rather than direct full compromise.