![Patch [FIX] Tuesday – March 2026 [SMB Is Back and ASLR Gets Shuffled], E29](https://img.transistorcdn.com/NIJMynIG4vBkjxfD-GiiNS44vyqNtAl2wG0VCFPMaKQ/rs:fill:0:0:1/w:1400/h:1400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS82YjZl/Y2I0MGNhZmQzYjQ1/MDY2MzA3ZDk1MDZk/Mzc4MS5wbmc.jpg)
Patch [FIX] Tuesday – March 2026 [SMB Is Back and ASLR Gets Shuffled], E29
From Autonomous IT by Automox
March 10, 2026 · 22 min · Episode 29
About this episode
The episode discusses March 2026's Patch Tuesday, focusing on medium-severity vulnerabilities and their implications for cybersecurity.
March 2026's Patch Tuesday brings no active exploitations, but don't let that fool you. This month, Ryan Braunstein and Henry Smith break down why medium-severity vulnerabilities deserve your full attention. First up: a Push Message Routing Service memory leak (CVE-2026-24282, CVSS 5.5) that lets attackers scrape session tokens and private keys from heap memory. Then, a pair of GDI bugs (CVE-2026-25181 and CVE-2026-25190) that chain together to defeat ASLR and deliver remote code execution with near-perfect reliability. Henry covers a Windows Accessibility Infrastructure flaw (CVE-2026-24291) hiding in a service most teams never think to harden, plus an SMB authentication bypass (CVE-2026-24294) that echoes EternalBlue and WannaCry. What you'll learn: - How attackers chain medium-severity bugs into full compromise paths - Why the Push Message Routing Service is a target-rich environment for credential theft - How a two-stage GDI exploit defeats ASLR with near-100% reliability - Why accessibility services are blind spots on your hardening checklists - What SMB's history with EternalBlue and WannaCry means for this month's auth bypass Patch your systems. Audit your service…
People in this episode
Hosts: Ryan Braunstein, Henry Smith
Topics covered
- vulnerabilities
- cybersecurity
- Patch Tuesday
- medium-severity bugs
- remote code execution
- credential theft
- ASLR
Keywords
- Patch Tuesday
- CVE-2026-24282
- CVE-2026-25181
- CVE-2026-25190
- CVE-2026-24291
- CVE-2026-24294
- ASLR
- credential theft
- remote code execution
- medium-severity vulnerabilities
Mentioned in this episode
Organizations: Push Message Routing Service, Windows Accessibility Infrastructure, EternalBlue, WannaCry
Products: CVE-2026-24282, CVE-2026-25181, CVE-2026-25190, CVE-2026-24291, CVE-2026-24294
More episodes of Autonomous IT
- Product Talk – CISA's BOD 26-04 Directive Explained, E26 · June 11, 2026 · 27 min
- Patch [FIX] Tuesday – [Nothing Weaponized, Everything Exposed], E33 · June 9, 2026 · 24 min
- Patch [FIX] Tuesday – [AI Hits the Hat Trick], Ep. 32 · May 12, 2026 · 34 min
- Patch [FIX] Tuesday – [Emergency Episode: DirtyFrag Exploit Before Patch], Ep. 31 · May 8, 2026 · 11 min
- Autonomous IT, Live! The Math of Modern Attacks, E07 · April 28, 2026 · 33 min
- Secure IT – Claude Mythos: AI Vulnerability Hype vs. Evidence, E23 · April 23, 2026 · 8 min
Explore listener stats, chart rankings, contacts and more on the Autonomous IT podcast page.