SANS ISC Stormcast, Jan 14 2025: Microsoft Patch Tuesday, FortiOS and FortiProxy Patches; Paessler PRTG Patches Today, Microsoft Patch Tuesday headlines our news with Microsoft patching 209 vulnerabilities, some of which have already been exploited. Fortinet suspects a so far unpatched Node.js authentication bypass to be behind some recent exploits of FortiOS and FortiProxy devices. Microsoft January 2025 Patch Tuesday This month's Microsoft patch update addresses a total of 209 vulnerabilities, including 12 classified as critical. Among these, 3 vulnerabilities have been actively exploited in the wild, and 5 have been disclosed prior to the patch release, marking them as zero-days. https://isc.sans.edu/diary/rss/31590 Fortinet Security Advisory FG-IR-24-535 CVE-2024-55591 An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS and FortiProxy may allow a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module. https://fortiguard.fortinet.com/psirt/FG-IR-24-535 PRTG Network Monitor Update: Update for an already exploited XSS vulnerability in Paesler PRTG Network Monitor CVE-2024-12833 https://www.paessler.com/prtg/history/stable keywords: prtg; fortinet; network monitor; paessler; access; microsoft; patches