Today, Microsoft Patch Tuesday headlines our news with Microsoft patching 209 vulnerabilities, some

of which have already been exploited. Fortinet suspects a so far unpatched Node.js authentication

bypass to be behind some recent exploits of FortiOS and FortiProxy devices.

Microsoft January 2025 Patch Tuesday

This month's Microsoft patch update addresses a total of 209 vulnerabilities, including 12 classified as critical. Among these, 3 vulnerabilities have been actively exploited in the wild, and 5 have been disclosed prior to the patch release, marking them as zero-days.

https://isc.sans.edu/diary/rss/31590

Fortinet Security Advisory FG-IR-24-535 CVE-2024-55591

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS and FortiProxy may allow a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.

https://fortiguard.fortinet.com/psirt/FG-IR-24-535

PRTG Network Monitor Update:

Update for an already exploited XSS vulnerability in Paesler PRTG Network Monitor CVE-2024-12833

https://www.paessler.com/prtg/history/stable