Patch [FIX] Tuesday – [AI Hits the Hat Trick], Ep. 32

Patch [FIX] Tuesday – [AI Hits the Hat Trick], Ep. 32

The May 2026 Microsoft Patch Tuesday release looks quiet on the surface – no actively exploited zero-days, no public disclosures at release, and a CVE count below the four-month average. Don't let that fool you.

In this episode, Jason Kikta and Landon Miles break down everything that happened between April and May patch cycles, including Apple's macOS Tahoe 26.5 release with 79 CVEs, the Dirty Frag Linux kernel privilege escalation chain, and two pre-authenticated network remote code execution vulnerabilities in Windows core services that belong at the top of your patch list.

They also dig into one of the month's most significant trends: AI-assisted vulnerability research showing up by name in Microsoft, Apple, and Linux acknowledgments in the same patch cycle – including Anthropic researchers credited on a critical Windows graphics component RCE. Ten AI-attributed vulnerability discoveries shipped fixes across all three major operating systems this month.

What's covered:

  • CVE-2026-41089: Windows NetLogon RCE (CVSS 9.8) and CVE-2026-41096: Windows DNS Client RCE (CVSS 9.8)
  • CVE-2026-40402: Hyper-V guest-to-host escalation (CVSS 9.3)
  • macOS Tahoe 26.5: Wi-Fi kernel RCE, nine kernel CVEs, 20 WebKit vulnerabilities
  • Dirty Frag Linux privilege escalation chain and the Copy Fail connection
  • AI-credited discoveries from Anthropic, calif.io, Theori, and NIST's Center for AI Standards and Innovation


- Patch Tuesday Blog
- DirtyFrag Blog
- What "Mythos Ready" Means

Denne episoden er hentet fra en åpen RSS-feed og er ikke publisert av Podme. Den kan derfor inneholde annonser.

Episoder(224)

Patch [FIX] Tuesday – [The 570-CVE Month], Ep. 34

Patch [FIX] Tuesday – [The 570-CVE Month], Ep. 34

570 vulnerabilities. That's July's Patch Tuesday count, nearly triple last month and a record by a wide margin. Jason Kikta is joined by host Landon Miles and offensive-security researcher Serena DiPe...

14 Jul 29min

 Executive IT – What IT hiring actually looks like when AI does the work, E07

Executive IT – What IT hiring actually looks like when AI does the work, E07

Eighteen months after the Hands-On IT podcast tackled the state of IT careers, Chelsea Rickey, SVP of Human Resources at Automox, comes back to the conversation to assess what held up, what changed, a...

1 Jul 15min

Product Talk – CISA's BOD 26-04 Directive Explained, E26

Product Talk – CISA's BOD 26-04 Directive Explained, E26

CISA's BOD 26-04 replaces severity-based patching with an exploit-evidence model and remediation clocks as short as three days, fleet-wide, no exceptions. Peter Pflaster and Jason Kikta unpack the fou...

11 Jun 27min

Patch [FIX] Tuesday – [Nothing Weaponized, Everything Exposed], E33

Patch [FIX] Tuesday – [Nothing Weaponized, Everything Exposed], E33

June 2026 has no headliner. Instead of one critical bug, the release spreads thin across the kernel, the network stack, a code editor, an AI assistant, a bootloader, and a nine-year-old Linux root bug...

9 Jun 23min

Patch [FIX] Tuesday – [Emergency Episode: DirtyFrag Exploit Before Patch], Ep. 31

Patch [FIX] Tuesday – [Emergency Episode: DirtyFrag Exploit Before Patch], Ep. 31

Breaking from the normal Patch Tuesday cadence for an emergency drop. On May 7, security researcher Hyunwoo Kim published a working proof-of-concept for DirtyFrag - a Linux kernel local privilege esca...

8 Mai 10min

Autonomous IT, Live! The Math of Modern Attacks, E07

Autonomous IT, Live! The Math of Modern Attacks, E07

In this episode of Autonomous IT, Live!, we break down the widening gap between exploitation speed and remediation reality. Disclosed vulnerabilities keep climbing, exploitation windows keep shrinking...

28 Apr 33min

Secure IT – Claude Mythos: AI Vulnerability Hype vs. Evidence, E23

Secure IT – Claude Mythos: AI Vulnerability Hype vs. Evidence, E23

Claude Mythos dominated the AI security conversation for two weeks straight, from the Cloud Security Alliance's strategy briefing to sharp public skepticism to yesterday's Bloomberg report that unauth...

23 Apr 7min

Populært innen Politikk og nyheter

giver-og-gjengen-vg
aftenpodden
aftenpodden-usa
fotballpodden-2
forklart
stopp-verden
popradet
rss-gukild-johaug
det-store-bildet
hanna-de-heldige
rss-ness
aftenbla-bla
dine-penger-pengeradet
nokon-ma-ga
bt-dokumentar-2
rss-penger-polser-og-politikk
e24-podden
lydartikler-fra-aftenposten
rss-utenrikskomiteen-med-bogen-og-grasvik
unitedno