Patch [FIX] Tuesday – March 2026 [SMB Is Back and ASLR Gets Shuffled], E29

Patch [FIX] Tuesday – March 2026 [SMB Is Back and ASLR Gets Shuffled], E29

March 2026's Patch Tuesday brings no active exploitations, but don't let that fool you. This month, Ryan Braunstein and Henry Smith break down why medium-severity vulnerabilities deserve your full attention.


First up: a Push Message Routing Service memory leak (CVE-2026-24282, CVSS 5.5) that lets attackers scrape session tokens and private keys from heap memory. Then, a pair of GDI bugs (CVE-2026-25181 and CVE-2026-25190) that chain together to defeat ASLR and deliver remote code execution with near-perfect reliability. Henry covers a Windows Accessibility Infrastructure flaw (CVE-2026-24291) hiding in a service most teams never think to harden, plus an SMB authentication bypass (CVE-2026-24294) that echoes EternalBlue and WannaCry.


What you'll learn:

- How attackers chain medium-severity bugs into full compromise paths

- Why the Push Message Routing Service is a target-rich environment for credential theft

- How a two-stage GDI exploit defeats ASLR with near-100% reliability

- Why accessibility services are blind spots on your hardening checklists

- What SMB's history with EternalBlue and WannaCry means for this month's auth bypass


Patch your systems. Audit your service accounts. Don't skip the mediums.

Det här avsnittet är hämtat från ett öppet RSS-flöde och publiceras inte av Podme. Det kan innehålla reklam.

Avsnitt(224)

Patch [FIX] Tuesday – [The 570-CVE Month], Ep. 34

Patch [FIX] Tuesday – [The 570-CVE Month], Ep. 34

570 vulnerabilities. That's July's Patch Tuesday count, nearly triple last month and a record by a wide margin. Jason Kikta is joined by host Landon Miles and offensive-security researcher Serena DiPe...

14 Juli 29min

 Executive IT – What IT hiring actually looks like when AI does the work, E07

Executive IT – What IT hiring actually looks like when AI does the work, E07

Eighteen months after the Hands-On IT podcast tackled the state of IT careers, Chelsea Rickey, SVP of Human Resources at Automox, comes back to the conversation to assess what held up, what changed, a...

1 Juli 15min

Product Talk – CISA's BOD 26-04 Directive Explained, E26

Product Talk – CISA's BOD 26-04 Directive Explained, E26

CISA's BOD 26-04 replaces severity-based patching with an exploit-evidence model and remediation clocks as short as three days, fleet-wide, no exceptions. Peter Pflaster and Jason Kikta unpack the fou...

11 Juni 27min

Patch [FIX] Tuesday – [Nothing Weaponized, Everything Exposed], E33

Patch [FIX] Tuesday – [Nothing Weaponized, Everything Exposed], E33

June 2026 has no headliner. Instead of one critical bug, the release spreads thin across the kernel, the network stack, a code editor, an AI assistant, a bootloader, and a nine-year-old Linux root bug...

9 Juni 23min

Patch [FIX] Tuesday – [AI Hits the Hat Trick], Ep. 32

Patch [FIX] Tuesday – [AI Hits the Hat Trick], Ep. 32

The May 2026 Microsoft Patch Tuesday release looks quiet on the surface – no actively exploited zero-days, no public disclosures at release, and a CVE count below the four-month average. Don't let tha...

12 Maj 34min

Patch [FIX] Tuesday – [Emergency Episode: DirtyFrag Exploit Before Patch], Ep. 31

Patch [FIX] Tuesday – [Emergency Episode: DirtyFrag Exploit Before Patch], Ep. 31

Breaking from the normal Patch Tuesday cadence for an emergency drop. On May 7, security researcher Hyunwoo Kim published a working proof-of-concept for DirtyFrag - a Linux kernel local privilege esca...

8 Maj 10min

Autonomous IT, Live! The Math of Modern Attacks, E07

Autonomous IT, Live! The Math of Modern Attacks, E07

In this episode of Autonomous IT, Live!, we break down the widening gap between exploitation speed and remediation reality. Disclosed vulnerabilities keep climbing, exploitation windows keep shrinking...

28 Apr 33min

Secure IT – Claude Mythos: AI Vulnerability Hype vs. Evidence, E23

Secure IT – Claude Mythos: AI Vulnerability Hype vs. Evidence, E23

Claude Mythos dominated the AI security conversation for two weeks straight, from the Cloud Security Alliance's strategy briefing to sharp public skepticism to yesterday's Bloomberg report that unauth...

23 Apr 7min

Populärt inom Politik & nyheter

aftonbladet-krim
svenska-fall
p3-krim
rss-krimstad
tv4-nyheterna-story
aftonbladet-daily
flashback-forever
de-fyras-gang
mannen-utan-spar
motiv
rss-sanning-konsekvens
rss-vad-fan-hande
spar
rss-aftonbladet-krim
rss-frandfors-horna
rss-krimreportrarna
politiken
olyckan-inifran
rss-flodet
krimmagasinet