Patch [FIX] Tuesday – March 2026 [SMB Is Back and ASLR Gets Shuffled], E29
March 2026's Patch Tuesday brings no actively exploited vulnerabilities, but don't let that fool you. This month, Ryan Braunstein and Henry Smith break down why medium-severity vulnerabilities deserve your full attention.
First up: a Push Message Routing Service memory leak (CVE-2026-24282, CVSS 5.5) that lets attackers scrape session tokens and private keys from heap memory. Then, a pair of GDI bugs (CVE-2026-25181 and CVE-2026-25190) that chain together to defeat ASLR and deliver remote code execution with near-perfect reliability. Henry covers a Windows Accessibility Infrastructure flaw (CVE-2026-24291) hiding in a service most teams never think to harden, plus an SMB authentication bypass (CVE-2026-24294) that echoes EternalBlue and WannaCry.
What you'll learn:
- How attackers chain medium-severity bugs into full compromise paths
- Why the Push Message Routing Service is a target-rich environment for credential theft
- How a two-stage GDI exploit defeats ASLR with near-100% reliability
- Why accessibility services are blind spots on your hardening checklists
- What SMB's history with EternalBlue and WannaCry means for this month's auth bypass
Patch your systems. Audit your service accounts. Don't skip the mediums.
Creators and Guests
Host
Ryan Braunstein
Ryan Braunstein is the host of Patch [FIX] Tuesday and the Security Manager at Automox, boasting over a decade of experience in cybersecurity. With a strong technical background and a people-first attitude, Ryan excels at demystifying complex security challenges—from automating AWS environments to developing and implementing security tools. His collaborative approach and proactive mindset make him a trusted resource for IT professionals navigating the complexities of cybersecurity.
