that sound you hear is every Windows platform engineer pasting the "Our commitment to Windows quality" post into their AGENTS.md
New Post: Debugging - WinDBG & WinDBGX Fundamentals https://www.corelan.be/index.php/2026/03/23/debugging-windbg-windbgx-fundamentals/
RE: https://mastodon.art/@lurnoise/114993216415771245
Hi! You should hire me for stuff, not only do I draw pretty neatly but I'm also very kind and easy to work with and always hit the deadlines <3
What You Need to Know: Windows Admin Center Remote Privilege Escalation (CVE-2026-26119) https://www.semperis.com/blog/what-you-need-to-know-windows-admin-center-remote-privilege-escalation-cve-2026-26119/
Almost 7 years of silence.
Today, that changes.
March 23, 2026.
Follow to be among the first to know:
https://www.corelan.be/index.php/contact
Tick tock. It’s coming.
Our Call for Participation is now live!
If you have a talk, workshop, performance, or installation you'd like to bring to EMF, you can now submit it here:
Accepted proposals are guaranteed the chance to buy a ticket!
This is my analysis (and PoC) for CVE-2026-20817, a privilege escalation in the Windows Error Reporting service.
👉 https://itm4n.github.io/cve-2026-20817-wersvc-eop/
Credit goes to Denis Faiustov and Ruslan Sayfiev for the discovery.
TL;DR A low privilege user could send an ALPC message to the WER service and coerce it to start a WerFault.exe process as SYSTEM with user-controlled arguments and options. I did not achieve arbitrary code execution, but perhaps someone knows how this can be done? 🤷♂️
Has anyone ever heard of a security breach of a FedRAMP moderate or higher authorized environment? I mean the parts that are authorized.
Does anyone know where to find more info on the surveillance economy online? I was looking for an update on the unfortunate Debora Silvestri who crashed so badly yesterday, and of course, was met with a "We value your privacy" banner where I could consent to giving away… something?
The Privacy Policy talks about two cookies - both Google Analytics, and two partners for gaining "audience insights". The actual cookie pop-up lists 1.709 (!) so-called "partners", many with "legitimate interest". Basically all these are companies nobody has ever heard of.
I know I'm leaking info like IP-address, browser and device details. What I can't understand is how all these 1.709 little leeches can possibly deliver enough value and generate revenue based on this information. Who pays them, and for what?
Thanks!