Microsoft's largest-ever Patch Tuesday lands with three actively exploited zero-days targeting Windows servers, workstations, and encrypted drives — while ServiceNow confirms a silent pre-patch breach affecting 8,000+ enterprises. If you run internet-facing Windows infrastructure or ServiceNow, today's briefing is required listening.
Audio is available on Spreaker — see link below.
Microsoft just pushed the largest Patch Tuesday in its twenty-three-year history, and three of those patches are not optional. They're actively exploited zero-days, confirmed in the wild, affecting Windows workstations, servers, and encrypted drives across every enterprise environment.
Start with HTTP.sys. An unauthenticated attacker can send a malicious HTTP packet to a Windows server running IIS or any HTTP.sys-dependent service and achieve kernel-mode code execution.
Here's the context that makes all of this harder. Large language models can now reverse-engineer patches and generate functional exploits within hours of a public release.
While Microsoft's release was very public, a separate incident has quieter but significant consequences. ServiceNow, the IT service management platform used by more than eight thousand enterprises, confirmed a breach of its customer data.
The deeper concern with ServiceNow is what was in those tickets. IT service management platforms are integration hubs.
The near-term priorities are fairly clear. Patch HTTP.sys immediately on all internet-facing Windows servers.
Chapter summary auto-generated from the verified script. Listen to the full episode for the complete content.