Patch [FIX] Tuesday – March 2026 [SMB Is Back and ASLR Gets Shuffled], E29
Autonomous IT10 Maalis

Patch [FIX] Tuesday – March 2026 [SMB Is Back and ASLR Gets Shuffled], E29

March 2026's Patch Tuesday brings no active exploitations, but don't let that fool you. This month, Ryan Braunstein and Henry Smith break down why medium-severity vulnerabilities deserve your full attention.


First up: a Push Message Routing Service memory leak (CVE-2026-24282, CVSS 5.5) that lets attackers scrape session tokens and private keys from heap memory. Then, a pair of GDI bugs (CVE-2026-25181 and CVE-2026-25190) that chain together to defeat ASLR and deliver remote code execution with near-perfect reliability. Henry covers a Windows Accessibility Infrastructure flaw (CVE-2026-24291) hiding in a service most teams never think to harden, plus an SMB authentication bypass (CVE-2026-24294) that echoes EternalBlue and WannaCry.


What you'll learn:

- How attackers chain medium-severity bugs into full compromise paths

- Why the Push Message Routing Service is a target-rich environment for credential theft

- How a two-stage GDI exploit defeats ASLR with near-100% reliability

- Why accessibility services are blind spots on your hardening checklists

- What SMB's history with EternalBlue and WannaCry means for this month's auth bypass


Patch your systems. Audit your service accounts. Don't skip the mediums.

Tämä jakso on lisätty Podme-palveluun avoimen RSS-syötteen kautta eikä se ole Podmen omaa tuotantoa. Siksi jakso saattaa sisältää mainontaa.

Jaksot(224)

Patch [FIX] Tuesday – [The 570-CVE Month], Ep. 34

Patch [FIX] Tuesday – [The 570-CVE Month], Ep. 34

570 vulnerabilities. That's July's Patch Tuesday count, nearly triple last month and a record by a wide margin. Jason Kikta is joined by host Landon Miles and offensive-security researcher Serena DiPe...

14 Heinä 29min

 Executive IT – What IT hiring actually looks like when AI does the work, E07

Executive IT – What IT hiring actually looks like when AI does the work, E07

Eighteen months after the Hands-On IT podcast tackled the state of IT careers, Chelsea Rickey, SVP of Human Resources at Automox, comes back to the conversation to assess what held up, what changed, a...

1 Heinä 15min

Product Talk – CISA's BOD 26-04 Directive Explained, E26

Product Talk – CISA's BOD 26-04 Directive Explained, E26

CISA's BOD 26-04 replaces severity-based patching with an exploit-evidence model and remediation clocks as short as three days, fleet-wide, no exceptions. Peter Pflaster and Jason Kikta unpack the fou...

11 Kesä 27min

Patch [FIX] Tuesday – [Nothing Weaponized, Everything Exposed], E33

Patch [FIX] Tuesday – [Nothing Weaponized, Everything Exposed], E33

June 2026 has no headliner. Instead of one critical bug, the release spreads thin across the kernel, the network stack, a code editor, an AI assistant, a bootloader, and a nine-year-old Linux root bug...

9 Kesä 23min

Patch [FIX] Tuesday – [AI Hits the Hat Trick], Ep. 32

Patch [FIX] Tuesday – [AI Hits the Hat Trick], Ep. 32

The May 2026 Microsoft Patch Tuesday release looks quiet on the surface – no actively exploited zero-days, no public disclosures at release, and a CVE count below the four-month average. Don't let tha...

12 Touko 34min

Patch [FIX] Tuesday – [Emergency Episode: DirtyFrag Exploit Before Patch], Ep. 31

Patch [FIX] Tuesday – [Emergency Episode: DirtyFrag Exploit Before Patch], Ep. 31

Breaking from the normal Patch Tuesday cadence for an emergency drop. On May 7, security researcher Hyunwoo Kim published a working proof-of-concept for DirtyFrag - a Linux kernel local privilege esca...

8 Touko 10min

Autonomous IT, Live! The Math of Modern Attacks, E07

Autonomous IT, Live! The Math of Modern Attacks, E07

In this episode of Autonomous IT, Live!, we break down the widening gap between exploitation speed and remediation reality. Disclosed vulnerabilities keep climbing, exploitation windows keep shrinking...

28 Huhti 33min

Secure IT – Claude Mythos: AI Vulnerability Hype vs. Evidence, E23

Secure IT – Claude Mythos: AI Vulnerability Hype vs. Evidence, E23

Claude Mythos dominated the AI security conversation for two weeks straight, from the Cloud Security Alliance's strategy briefing to sharp public skepticism to yesterday's Bloomberg report that unauth...

23 Huhti 7min

Suosittua kategoriassa Politiikka ja uutiset

aikalisa
uutiscast
ootsa-kuullut-tasta-2
rss-ootsa-kuullut-tasta
rss-vaalirankkurit-podcast
rss-podme-livebox
rss-seksicast
otetaan-yhdet
tervo-halme
aihe
politiikan-puskaradio
linda-maria
et-sa-noin-voi-sanoo-esittaa
rss-girls-finish-f1rst
viela-yksi-sivu
the-ulkopolitist
mtv-uutiset-polloraati
rss-kovin-paikka
rss-sveriges-radio-finska
rss-raha-talous-ja-politiikka