
SANS Stormcast Thursday, May 14th, 2026: Flexible Windows Proxy; News from Nightmare Eclipse; Adobe Patches
Hello and welcome to the Thursday, May 14, 2026 edition of the SANS Internet Storm Center Stormcast. My name is Johannes Ullrich, recording today from San Diego, California, and this episode is brought to you by the SANS.edu Graduate Certificate Program in Cybersecurity Engineering.

In diaries today, we do have an interesting tool recommendation from Rob. Rob experimented with a tool called Proxifier. Now, what Proxifier is good at is if you have a Windows system and you're trying to proxy the HTTP traffic from specific binaries. Now, with network rules and such, you're often able to direct traffic to particular destinations to a proxy. But what this tool allows you is to essentially isolate the traffic from a specific application that you're trying to test. And in the case of Rob, well, he directed the traffic to Burp Suite in order to better explore an API that a particular application was using. This approach is really kind of neat in order to cut down on the noise that you often get if you are just sending all traffic to a proxy. And it can be sometimes challenging to figure out what traffic is actually originating from a specific binary. This makes the entire process so much easier.

And then you have two new vulnerabilities being disclosed by Nightmare Eclipse, the researcher who made a name for themselves by releasing, for example, Bluehammer after their bug report was rejected by Microsoft's bug bounty program. The first vulnerability being released, and I think that's the more serious one, is called Yellow Key. This particular vulnerability attacks BitLocker in a rather effective way. So BitLocker, of course, well-respected disk encryption by Microsoft, but it relies on BitLocker actually locking the disk as the system is being shut down. And that's the part where Yellow Key comes into place: by attaching a USB stick to a Windows system, and that USB stick must contain very specific files, the disk is not locked as the system is shut down. And then a user may be able to reboot the system into rescue mode and access the still encrypted disk without being, well, sort of hindered by any kind of access control. Interesting vulnerability and also interesting find here. Apparently this was identified by reverse engineering some of the Windows binaries.

The second vulnerability that was disclosed by Nightmare Eclipse is Green Plasma. And that's sort of a more universal remote privilege escalation vulnerability. It essentially just makes memory available to any user that can then be used to inject DLLs and such. This particular vulnerability is not fully implemented in the proof of concept being released. So any attacker has to do a little bit more work here, but others have already kind of elaborated on how the exploit works and how it could work given the partial proof of concept. So Yellow Key disables BitLocker and we have a full exploit available for it, and Green Plasma is, well, yet another privilege escalation flaw. And we only have a partial proof of concept, at least released by Nightmare Eclipse at this point.

And then I'm going to talk a little bit about Adobe vulnerabilities that were patched yesterday. I didn't mention them for the Patch Tuesday update because, well, we had all of these software supply chain vulnerabilities to talk about first. Adobe Connect did receive an update that fixed a deserialization vulnerability that can execute arbitrary code. So that one is certainly one to pay attention to. And then, well, one of my favorite Adobe products when it comes to vulnerabilities, Adobe Commerce: we have two critical vulnerabilities here that deserve some attention. One is a remote code execution vulnerability via cross-site scripting, which is sort of interesting. And then we also do have an arbitrary file system, right? It says here: improper limitation of pathname to a restricted directory. Well, a path traversal vulnerability, which tends to be not that terribly difficult to exploit. So definitely get those patches out. We got a total of 10 Adobe products being patched in this Tuesday's Patch Tuesday update from Adobe.

Well, and that's all we have time for today, so thanks for listening, thanks for liking, thanks for subscribing to the podcast. Remember, there's also a video version on YouTube if you prefer that format. That's it for today and talk to you again tomorrow. Bye.
In this episode, Johannes B. Ullrich provides a concise summary of the latest cybersecurity news and research updates. He highlights a practical tool for Windows proxy traffic redirection, breaks down two newly disclosed vulnerabilities by the researcher “Nightmare Eclipse,” and gives a rundown of critical Adobe patches released on Patch Tuesday.
“This approach is really kind of neat in order to cut down on the noise... and it can be sometimes challenging to figure out what traffic is actually originating from a specific binary. This makes the entire process so much easier.” – Johannes [01:00]
Nightmare Eclipse (known for the “Bluehammer” exploit) publicly disclosed two new Windows vulnerabilities after unsuccessful bug bounty submissions to Microsoft:
“The disk is not locked as the system is shut down, and then a user may be able to reboot the system into rescue mode and access the still encrypted disk without being, well, sort of hindered by any kind of access control.” – Johannes [01:45]
“It essentially just makes memory available to any user that can then be used to inject DLLs and such…any attacker has to do a little bit more work here, but others have already kinda elaborated on how the exploit works...” – Johannes [02:42]
Summary:
“Yellow Key disables BitLocker and we have a full exploit available for it, and Green Plasma is yet another privilege escalation flaw.” – Johannes [03:13]
“So definitely get those patches out…We got a total of 10 Adobe products being patched in this Tuesday’s Patch Tuesday update from Adobe.” – Johannes [04:18]
On isolating application traffic with Proxifier:
“This makes the entire process so much easier.” – Johannes [01:02]
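The quote above turns on one practical problem: before you route an application's traffic to Burp Suite, you need to know which connections that binary actually owns. As an added example (not from the episode, and not part of Proxifier or Burp Suite), the PowerShell snippet below answers that question with the built-in Get-NetTCPConnection and Get-Process cmdlets, listing the non-listening TCP connections owned by a named process. The process name 'example-app' is a placeholder for the binary under test.

```powershell
# Added example, not from the podcast and not part of Proxifier or Burp Suite.
# Lists established TCP connections owned by a named process so you can see
# which remote endpoints a specific binary talks to before routing it to a proxy.
# 'example-app' is a placeholder process name; replace it with the binary under test.
param([string]$ProcessName = 'example-app')

$procs = Get-Process -Name $ProcessName -ErrorAction SilentlyContinue
if (-not $procs) {
    Write-Warning "No running process named '$ProcessName'"
    return
}

# Get-NetTCPConnection -OwningProcess accepts one or more process IDs,
# so a binary that spawns several processes is covered in one call.
Get-NetTCPConnection -OwningProcess $procs.Id -ErrorAction SilentlyContinue |
    Where-Object { $_.State -ne 'Listen' } |
    Select-Object @{Name = 'Process'; Expression = { $ProcessName }},
                  OwningProcess, LocalAddress, LocalPort,
                  RemoteAddress, RemotePort, State |
    Sort-Object RemoteAddress, RemotePort |
    Format-Table -AutoSize
```

Run it once before and once after pointing the application at the proxy: the second run should show the application's connections terminating at the proxy's listener rather than at the original API hosts, which confirms that only that binary's traffic is being captured and nothing else on the host has been redirected.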
On the impact of the Yellow Key vulnerability:
“The disk is not locked as the system is shut down... access the still encrypted disk without being... hindered by any kind of access control.” – Johannes [01:49]
On Adobe Commerce vulnerabilities:
“One is a remote code execution vulnerability via cross-site scripting, which is sort of interesting. And then we also do have an arbitrary file system, right? ... a path traversal vulnerability which tends to be not that terribly difficult to exploit.” – Johannes [03:57]
This Stormcast episode efficiently covers:
Johannes’s tone remains practical and focused, urging listeners to consider immediate risk mitigation steps, leverage focused testing tools, and apply vendor patches promptly.