Patch [FIX] Tuesday – March 2026 [SMB Is Back and ASLR Gets Shuffled], E29
Autonomous IT10 Mar

Patch [FIX] Tuesday – March 2026 [SMB Is Back and ASLR Gets Shuffled], E29

March 2026's Patch Tuesday brings no active exploitations, but don't let that fool you. This month, Ryan Braunstein and Henry Smith break down why medium-severity vulnerabilities deserve your full attention.


First up: a Push Message Routing Service memory leak (CVE-2026-24282, CVSS 5.5) that lets attackers scrape session tokens and private keys from heap memory. Then, a pair of GDI bugs (CVE-2026-25181 and CVE-2026-25190) that chain together to defeat ASLR and deliver remote code execution with near-perfect reliability. Henry covers a Windows Accessibility Infrastructure flaw (CVE-2026-24291) hiding in a service most teams never think to harden, plus an SMB authentication bypass (CVE-2026-24294) that echoes EternalBlue and WannaCry.


What you'll learn:

- How attackers chain medium-severity bugs into full compromise paths

- Why the Push Message Routing Service is a target-rich environment for credential theft

- How a two-stage GDI exploit defeats ASLR with near-100% reliability

- Why accessibility services are blind spots on your hardening checklists

- What SMB's history with EternalBlue and WannaCry means for this month's auth bypass


Patch your systems. Audit your service accounts. Don't skip the mediums.

Episoder(211)

Automate IT – The Server Tango: Step In... and Now MySQL's Down, E14

Automate IT – The Server Tango: Step In... and Now MySQL's Down, E14

In this episode, Jeremy Maldonado shares his experiences and insights on server management, highlighting the importance of learning from mistakes, the power of automation, and finding balance between ...

3 Mar 12min

Automate IT – The Myth of the All-Knowing IT Pro, E22

Automate IT – The Myth of the All-Knowing IT Pro, E22

The all-knowing IT pro is a myth. In this episode, Automox Senior Solutions Consultant Jeremy Maldonado breaks down why curiosity and asking for help are the real foundations of a successful IT career...

26 Feb 11min

Product Talk – Bridging the CVE Gap with VulnCheck, E24

Product Talk – Bridging the CVE Gap with VulnCheck, E24

NIST is falling behind on vulnerability scoring — and the gap is growing. In this episode, Peter and Steph break down what that means for IT and security teams relying on CVE data to prioritize patchi...

24 Feb 17min

Secure IT – Why There Are No 'Nos' in IT with Rich Casselberry, E15

Secure IT – Why There Are No 'Nos' in IT with Rich Casselberry, E15

In this episode of Automox's Secure IT podcast, host Jason Kikta welcomes back Rich Casselberry, VP of IT security at AT&I, to discuss key insights from the CISO Blueprint. The conversation emphasizes...

17 Feb 9min

Patch [FIX] Tuesday – February 2026 [Chaos Engineering], E28

Patch [FIX] Tuesday – February 2026 [Chaos Engineering], E28

February's Patch Tuesday includes two actively exploited vulnerabilities you need to patch now. Ryan Braunstein breaks down a denial of service flaw in Windows Remote Access Connection Manager that ca...

10 Feb 10min

Automate IT – Beyond the Spreadsheets: Asset Intelligence & Risk Scoring, E16

Automate IT – Beyond the Spreadsheets: Asset Intelligence & Risk Scoring, E16

In this episode of Automate IT, Jeremy Maldonado dives into the world of data-driven endpoint management, breaking down what it means to go “beyond the spreadsheets.” He explores how visibility, intel...

5 Feb 9min

Automox Insiders – Pulling Back the CX Curtain with Charles Coaxum, E21

Automox Insiders – Pulling Back the CX Curtain with Charles Coaxum, E21

In this episode of Automox Insiders, Maddie Regis welcomes back Charles Coaxum, SVP of Customer Experience at Automox, to talk about what really happens after the deal is signed. Charles shares a quic...

3 Feb 10min

Populært innen Politikk og nyheter

giver-og-gjengen-vg
aftenpodden
aftenpodden-usa
forklart
i-retten
stopp-verden
popradet
lydartikler-fra-aftenposten
rss-gukild-johaug
nokon-ma-ga
fotballpodden-2
det-store-bildet
dine-penger-pengeradet
rss-ness
aftenbla-bla
hanna-de-heldige
frokostshowet-pa-p5
rss-dannet-uten-piano
rss-penger-polser-og-politikk
rss-utenrikskomiteen-med-bogen-og-grasvik