Autonomous IT

Join us for a special bonus episode of Patch [FIX] Tuesday, an hour-long compilation of the vulnerabilities that help shaped the cybersecurity landscape in 2024. 

This episode recaps some the most critical and interesting exploits, from supply chain compromises to elevation of privilege threats targeting widely used platforms. Whether you're an IT administrator, security professional, or tech enthusiast, this episode provides valuable insights to stay ahead of evolving threats.

Here’s a list of vulnerabilities discussed in this episode, and be sure to tune into the Patch [FIX] Tuesday podcast on the second Tuesday of every month. 
  1. Operation Triangulation (00:13)
  2. CVE-2024-21401: Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability (5:00)
  3. CVE-2024-21400: Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability (11:00)
  4. CVE-2024-3094: XZ/Liblzma Supply Chain Backdoor (17:08)
  5. CVE-2024-4671: Google Chrome Use-After-Free Vulnerability (30:00)
  6. CVE-2024-30078: Windows WiFi Driver Remote Code Execution Vulnerability(35:03)
  7. CVE-2024-38053: Windows Layer Two Bridge Network RCE (47:14)
  8. CVE-2024-38180: SmartScreen Prompt Remote Code Execution Vulnerability (53:12)
  9. CVE-2024-43491: Microsoft Windows Update Remote Code Execution Vulnerability (1:00:00)
  10. CVE-2024-43533: Remote Desktop Client Remote Code Execution Vulnerability (1:04:24)
  11. CVE-2024-5535: Microsoft Defender for Endpoint Remote Code Execution Vulnerability (1:07:35)
  12. CVE-2024-49093: Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability (1:09:36)

Creators & Guests

Host
Jason Kikta
Jason Kikta is a fortress of knowledge in cybersecurity, bringing over two decades of frontline experience to the CISO IT podcast. His tenure at US Cyber Command isn't just a credential — it's a cornerstone of his expertise, providing a unique lens through which he views security threats and applies the best ways to prevent or remediate them. At Automox, Jason bridges the gap between good IT and robust security, sharing cutting-edge trends, tips, and expert advice based on the credo good security comes from good IT. His episodes are essential listening for IT professionals aiming to fortify their defenses and stay ahead in the ever-evolving cybersecurity battlefield.
Host
Tom Bowyer
Tom Bowyer is a cybersecurity sentinel, guiding listeners through the digital wilderness with wisdom gleaned from the frontlines of security program development. As the Director of Security at Automox, his expertise spans secure software development, vulnerability management, and more, making him a lighthouse for those navigating the stormy seas of cybersecurity threats. On the Patch [Fix] Tuesday podcast, Tom shares invaluable insights, mitigation strategies, and the latest in custom automations for CVE remediations. His dedication to modern, effective security solutions makes him a pillar of trust and knowledge in the cybersecurity community.

What is Autonomous IT?

Go from monotonous to autonomous IT operations with this series. Hosts from Automox, the IT automation platform for modern organizations, will cover the latest IT trends; Patch Tuesday remediations; ways to save time with Worklets (pre-built scripts); reduce risk; slash complexity; and automate OS, third-party, and configuration updates on all your Windows, macOS, and Linux endpoints. Automate confidence everywhere with Automox.