meta_pixel
Tapesearch Logo
Log in
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast Wednesday, March 11th, 2026: Windows, Fortinet, Adobe, and Zoom Patches

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS ISC Handlers

News, Tech News

4.9754 Ratings

🗓️ 11 March 2026

⏱️ 6 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Wednesday, March 11th, 2026: Windows, Fortinet, Adobe, and Zoom Patches

Transcript

Click on a timestamp to play from that location

0:00.0

Hello and welcome to the Wednesday, March 11th, 2006 edition of the Sands Inlet Storm Centers, Stormcast. My name is Johannes Ulrich, recording today from Jacksonville, Florida. And this episode is brought you by the Sands.edu credit certificate program in cloud security.

0:24.6

Well, and today, of course, Microsoft's patch Tuesday leads the news. Microsoft did release updates,

0:31.2

fixing 93 vulnerabilities, nine vulnerabilities in chromium that affect Microsoft Edge.

0:38.3

Now, among the vulnerabilities, we had eight critical vulnerabilities, and two that were disclosed prior to the day, but this time we had no vulnerability that was actually already exploited.

0:51.2

Now, when it comes to disclosed vulnerabilities, the first one is a denial of service

0:55.4

vulnerability in dot net. Microsoft considers exploitation unlikely and denial of service

1:01.6

vulnerabilities. While this one doesn't require authentication, it could be exploited across

1:07.1

the network. It's still not usually sort of at the top of the priority.

1:12.3

The second one is probably even a little bit more interesting.

1:15.4

It's a privilege escalation in SQL server.

1:18.3

Now you need to be authenticated in this case to then escalate privilege to sysadmin,

1:24.2

but the scenario that I envision here is where, for example, you have a web

1:29.1

application or something like this that has access to a SQL server using a lower

1:35.1

privileged account. Maybe there's a chance here to exploit that, but that's not really clear

1:40.6

from the advisory. The advisor is usually fairly sparse.

1:46.0

Among the critical vulnerabilities, there are a couple of them that are included in the list here,

1:53.7

but they're actually in Microsoft's cloud products, and that's, you know, they have started

1:57.9

doing that in the last few months, sort of for transparency where they tell you what they're patched in the cloud.

2:03.7

So those are nothing where you have to do anything.

2:06.8

Like there's a Microsoft Payment Orchestrator.

2:09.7

There's also Microsoft ACI confidential containers.

2:14.6

These four vulnerabilities between those two products are all cloud-based, so nothing

...

Please login to see the full transcript.

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.

Copyright © Tapesearch 2026.