Episode Overview
Main Theme:
This episode of the SANS Internet Stormcenter Daily Cyber Security Podcast, hosted by Johannes B. Ullrich, provides an in-depth briefing on the major security patches released for various platforms and products on March 11, 2026. The episode focuses primarily on Microsoft's Patch Tuesday, but it also covers critical updates from Fortinet, Adobe, and Zoom, highlighting newly addressed vulnerabilities, their implications, and which ones require urgent attention.
Key Discussion Points and Insights
1. Microsoft Patch Tuesday Rundown
- Scope and Numbers
  - 93 vulnerabilities addressed, including 9 in Chromium affecting Microsoft Edge.
  - 8 classified as critical, 2 previously disclosed, but none known to be actively exploited at release.
  - Quote [01:07]:
    “Among the vulnerabilities we had eight critical vulnerabilities and two that were disclosed prior to today. But this time we had no vulnerability that was actually already exploited.” — Johannes B. Ullrich
- Notable Vulnerabilities:
  - Denial of Service in .NET:
    - Disclosed prior, exploitation unlikely, does not require authentication, but generally not a top priority for most organizations.
    - Quote [01:28]:
      “Denial of service vulnerabilities—while this one doesn't require authentication... still not usually sort of at the top of the priority.” — Johannes B. Ullrich
  - SQL Server Privilege Escalation:
    - Requires authentication, allows escalation to sysadmin.
    - Concern if a web application with a low-privileged account connects to SQL Server, but the advisory lacks detail.
    - Quote [02:02]:
      “The scenario that I envision here is where, for example, you have a web application or something... Maybe there's a chance here to exploit that, but that's not really clear from the advisory.” — Johannes B. Ullrich
  - Cloud Product Vulnerabilities:
    - Multiple critical vulnerabilities patched in cloud services (Microsoft Payment Orchestrator, ACI Confidential Containers).
    - No customer action required; disclosed for transparency.
    - Quote [02:27]:
      “They have started doing that in the last few months... tell you what they patched in the cloud. So those are nothing where you have to do anything.” — Johannes B. Ullrich
  - Excel and Office Remote Code Execution:
    - Several RCE vulnerabilities in Office products—high-priority for patching.
  - AI-driven Vulnerability Discovery:
    - One critical vulnerability reported by Expo, an AI company gaining attention in security circles.
    - Quote [03:04]:
      “Also interesting that one of the critical vulnerabilities was reported by Expo, which is a famous AI company that basically finds vulnerabilities.” — Johannes B. Ullrich
2. Fortinet Patches
- Two High Severity Bugs:
  - Both are buffer overflows.
  - FortiSwitch (AX):
    - LLDP issue, requires network-adjacent access to exploit.
  - FortiManager (FGT Update Service):
    - Might be remotely exploitable.
- Critical OpenSSL Patch:
  - Recently released OpenSSL code execution vulnerability, already discussed in prior episodes.
  - Multiple Fortinet products affected.
  - Rated critical, but real-world exploitability depends on product configurations.
  - Quote [04:13]:
    “There’s one critical vulnerability that was patched yesterday and that vulnerability is really just the OpenSSL patch... potential code execution vulnerability in OpenSSL.” — Johannes B. Ullrich
3. Adobe Patches
- 80 vulnerabilities across 8 products.
- Adobe Commerce:
  - Remote code execution via XSS, notable because of product prevalence and public exposure.
- Adobe Acrobat Reader:
  - 3 patched vulnerabilities, 2 critical (RCE).
- Both products should be patched promptly due to high usage and potential attack surface.
- Quote [05:03]:
  “Acrobat Reader [is] probably the most popular product here from Adobe today.” — Johannes B. Ullrich
4. Zoom Workplace for Windows
- Critical Patch:
  - Addresses a vulnerability with a CVSS score of 9.6.
  - Issue: External control of file name or path when using Zoom’s mail feature.
  - Risk: Attacker could control the saved file’s location, possibly leading to code execution if stored where it might be executed.
  - Quote [05:41]:
    “They describe it as an external control of file name or path... I assume it's some kind of attachment or such... attacker controls where the particular file is being saved to.” — Johannes B. Ullrich
5. Other Mentions
- SAP:
  - A couple of new patches, worth reviewing for affected organizations.
  - [06:15]: Brief mention, no technical details given.
Notable Quotes & Memorable Moments
- [01:07] “But this time we had no vulnerability that was actually already exploited.” — Johannes B. Ullrich
- [02:02] “Maybe there's a chance here to exploit that, but that's not really clear from the advisory.” — Johannes B. Ullrich
- [03:04] “One of the critical vulnerabilities was reported by Expo, which is a famous AI company that basically finds vulnerabilities.” — Johannes B. Ullrich
- [05:41] “I assume it's some kind of attachment or such ... the attacker controls where the particular file is being saved to and that of course can always then lead to remote code execution.” — Johannes B. Ullrich
Timestamps for Key Segments
- [00:04–01:07] — Introduction and Microsoft Patch Tuesday Summary
- [01:07–03:09] — Critical and disclosed Microsoft vulnerabilities, cloud product transparency, noteworthy findings
- [03:09–04:13] — Fortinet’s new patches: buffer overflows and OpenSSL
- [04:13–05:03] — Adobe patches for Commerce and Acrobat Reader
- [05:03–05:56] — Zoom critical patch explanation
- [06:15] — SAP patches short mention
Summary Takeaways
- Microsoft released a significant batch of updates; urgent attention should be paid especially to Office product vulnerabilities.
- Fortinet: Buffer overflows and OpenSSL-related code execution issue—review affected devices and patch promptly.
- Adobe: Adobe Commerce (public-facing) and Acrobat Reader (widely used) both see dangerous new flaws—patch ASAP.
- Zoom: A rare Patch Tuesday appearance with a critical file handling bug on Windows—critical for organizations using Zoom’s mail functionality.
- SAP: New patches released, but details not covered; relevant only to organizations with SAP deployments.
Listeners are encouraged to review their environments for exposure to the mentioned vulnerabilities and to prioritize patching accordingly. The focus throughout is practical, concise, and rooted in actionable security advice.
