Advisory

Microsoft March 2026 Patch Fixes 79 Vulnerabilities, Eight Critical, Two Publicly Disclosed Zero-Days

Take action: This month prioritize SQL server and .Net for the publicly disclosed flaws, then Microsoft Office and Windows for the critical and most probable for exploitation. Then go through the rest of the products.

Learn More

Microsoft fixed 79 security flaws in its March 2026 Patch Tuesday update. This release includes eight critical bugs and two publicly disclosed zero-day vulnerabilities. Neither zero-day has been observed exploited in the wild, but public disclosure significantly raises the risk of attackers developing exploits.

The update patches flaws in Windows, Office, Excel, SharePoint, SQL Server, .NET, Azure, Hyper-V, Edge, and other components that allow attackers to run code, gain higher privileges, disclose information, or cause denial of service.

Publicly disclosed zero-day flaws:

  • CVE-2026-21262 — SQL Server Elevation of Privilege Vulnerability. Publicly disclosed before a patch was available. Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network, potentially gaining SQL administrator privileges. Credited to security researcher Erland Sommarskog, who originally disclosed the flaw in the "Packaging Permissions in Stored Procedures" article. Organizations running SQL Server in corporate infrastructure should apply this patch as soon as possible.
  • CVE-2026-26127 — .NET Denial of Service Vulnerability. Publicly disclosed before a patch was available. An out-of-bounds read in .NET allows an unauthorized attacker to trigger a denial-of-service condition over a network, potentially causing applications built on the .NET platform to crash or become unresponsive. Attributed to an anonymous researcher.

Critical flaws:

  • CVE-2026-26110 — Microsoft Office Remote Code Execution Vulnerability (Critical). A type confusion issue caused by access to a resource using an incompatible type that could allow an unauthorized attacker to execute code locally. Exploitable via the Office preview pane, meaning users could be exposed simply by previewing a malicious document without fully opening it.
  • CVE-2026-26113 — Microsoft Office Remote Code Execution Vulnerability (Critical). An untrusted pointer dereference that could allow an unauthorized attacker to execute code locally. Also exploitable via the preview pane, reducing the need for user interaction and making phishing campaigns more effective. Organizations should prioritize patching Office systems immediately.
  • CVE-2026-26144 — Microsoft Excel Information Disclosure Vulnerability (Critical). Improper neutralization of input in Microsoft Excel could enable an unauthorized attacker to disclose information. Of particular concern, this flaw could be used to exfiltrate data via Microsoft Copilot. An attacker who successfully exploited this vulnerability could potentially cause Copilot Agent mode to exfiltrate data via unintended network egress, enabling a zero-click information disclosure attack. This flaw highlights growing security concerns around AI integrations in productivity software.
  • CVE-2026-23651 — Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability
  • CVE-2026-26124 — Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability
  • CVE-2026-26122 — Microsoft ACI Confidential Containers Information Disclosure Vulnerability
  • CVE-2026-21536 — Microsoft Devices Pricing Program Remote Code Execution Vulnerability
  • CVE-2026-26125 — Payment Orchestrator Service Elevation of Privilege Vulnerability
  • CVE-2026-3381  Mariner Zlib versions through 2.219 for Perl use potentially insecure versions of zlib

Flaws rated "more likely" to be exploited:

Cisco Talos has highlighted several vulnerabilities rated "important" but assessed by Microsoft as "more likely" to be exploited:

  • CVE-2026-23668 — Windows Graphics Component Elevation of Privilege Vulnerability
  • CVE-2026-24289 — Windows Kernel Elevation of Privilege Vulnerability
  • CVE-2026-24291 — Windows Accessibility Infrastructure (ATBroker.exe) Elevation of Privilege Vulnerability
  • CVE-2026-24294 — Windows SMB Server Elevation of Privilege Vulnerability
  • CVE-2026-25176 — Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
  • CVE-2026-25187 — Winlogon Elevation of Privilege Vulnerability

The patch cycle includes:

  • 46 Elevation of Privilege vulnerabilities
  • 2 Security Feature Bypass vulnerabilities
  • 18 Remote Code Execution vulnerabilities
  • 10 Information Disclosure vulnerabilities
  • 4 Denial of Service vulnerabilities
  • 4 Spoofing vulnerabilities

Full patch list

TagCVE IDCVE TitleSeverity
.NETCVE-2026-26131.NET Elevation of Privilege VulnerabilityImportant
.NETCVE-2026-26127.NET Denial of Service VulnerabilityImportant
Active Directory Domain ServicesCVE-2026-25177Active Directory Domain Services Elevation of Privilege VulnerabilityImportant
ASP.NET CoreCVE-2026-26130ASP.NET Core Denial of Service VulnerabilityImportant
Azure ArcCVE-2026-26141Hybrid Worker Extension (Arc-enabled Windows VMs) Elevation of Privilege VulnerabilityImportant
Azure Compute GalleryCVE-2026-23651Microsoft ACI Confidential Containers Elevation of Privilege VulnerabilityCritical
Azure Compute GalleryCVE-2026-26124Microsoft ACI Confidential Containers Elevation of Privilege VulnerabilityCritical
Azure Compute GalleryCVE-2026-26122Microsoft ACI Confidential Containers Information Disclosure VulnerabilityCritical
Azure Entra IDCVE-2026-26148Microsoft Azure AD SSH Login extension for Linux Elevation of Privilege VulnerabilityImportant
Azure IoT ExplorerCVE-2026-26121Azure IOT Explorer Spoofing VulnerabilityImportant
Azure IoT ExplorerCVE-2026-23662Azure IoT Explorer Information Disclosure VulnerabilityImportant
Azure IoT ExplorerCVE-2026-23661Azure IoT Explorer Information Disclosure VulnerabilityImportant
Azure IoT ExplorerCVE-2026-23664Azure IoT Explorer Information Disclosure VulnerabilityImportant
Azure Linux Virtual MachinesCVE-2026-23665Linux Azure Diagnostic extension (LAD) Elevation of Privilege VulnerabilityImportant
Azure MCP ServerCVE-2026-26118Azure MCP Server Tools Elevation of Privilege VulnerabilityImportant
Azure Portal Windows Admin CenterCVE-2026-23660Windows Admin Center in Azure Portal Elevation of Privilege VulnerabilityImportant
Azure Windows Virtual Machine AgentCVE-2026-26117Arc Enabled Servers - Azure Connected Machine Agent Elevation of Privilege VulnerabilityImportant
Broadcast DVRCVE-2026-23667Broadcast DVR Elevation of Privilege VulnerabilityImportant
Connected Devices Platform Service (Cdpsvc)CVE-2026-24292Windows Connected Devices Platform Service Elevation of Privilege VulnerabilityImportant
GitHub Repo: zero-shot-scfoundationCVE-2026-23654GitHub: Zero Shot SCFoundation Remote Code Execution VulnerabilityImportant
MarinerCVE-2026-23235f2fs: fix out-of-bounds access in sysfs attribute read/writeImportant
MarinerCVE-2026-23234f2fs: fix to avoid UAF in f2fs_write_end_io()Important
MarinerCVE-2026-3713pnggroup libpng pnm2png pnm2png.c do_pnm2png heap-based overflowModerate
MarinerCVE-2026-23237platform/x86: classmate-laptop: Add missing NULL pointer checksModerate
MarinerCVE-2026-26017CoreDNS ACL BypassImportant
MarinerCVE-2026-26018CoreDNS Loop Detection Denial of Service VulnerabilityImportant
MarinerCVE-2026-2297SourcelessFileLoader does not use io.open_code()Moderate
MarinerCVE-2026-0038In multiple functions of mem_protect.c, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Important
MarinerCVE-2026-27601Underscore.js has unlimited recursion in _.flatten and _.isEqual, potential for DoS attackImportant
MarinerCVE-2026-23236fbdev: smscufx: properly copy ioctl memory to kernelspaceModerate
MarinerCVE-2026-23865An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2.Moderate
MarinerCVE-2025-71238scsi: qla2xxx: Fix bsg_done() causing double freeModerate
MarinerCVE-2026-3338PKCS7_verify Signature Validation Bypass in AWS-LCImportant
MarinerCVE-2026-23231netfilter: nf_tables: fix use-after-free in nf_tables_addchain()Important
MarinerCVE-2026-3381Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlibCritical
MarinerCVE-2026-0031In multiple functions of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Important
MarinerCVE-2026-23238romfs: check sb_set_blocksize() return valueModerate
MarinerCVE-2026-3494MariaDB Server Audit Plugin Comment Handling BypassModerate
MarinerCVE-2026-3336PKCS7_verify Certificate Chain Validation Bypass in AWS-LCImportant
MarinerCVE-2026-0032In multiple functions of mem_protect.c, there is a possible out-of-bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Important
Microsoft AuthenticatorCVE-2026-26123Microsoft Authenticator Information Disclosure VulnerabilityImportant
Microsoft Brokering File SystemCVE-2026-25167Microsoft Brokering File System Elevation of Privilege VulnerabilityImportant
Microsoft Devices Pricing ProgramCVE-2026-21536Microsoft Devices Pricing Program Remote Code Execution VulnerabilityCritical
Microsoft Edge (Chromium-based)CVE-2026-3544Chromium: CVE-2026-3544 Heap buffer overflow in WebCodecsUnknown
Microsoft Edge (Chromium-based)CVE-2026-3540Chromium: CVE-2026-3540 Inappropriate implementation in WebAudioUnknown
Microsoft Edge (Chromium-based)CVE-2026-3536Chromium: CVE-2026-3536 Integer overflow in ANGLEUnknown
Microsoft Edge (Chromium-based)CVE-2026-3538Chromium: CVE-2026-3538 Integer overflow in SkiaUnknown
Microsoft Edge (Chromium-based)CVE-2026-3545Chromium: CVE-2026-3545 Insufficient data validation in NavigationUnknown
Microsoft Edge (Chromium-based)CVE-2026-3541Chromium: CVE-2026-3541 Inappropriate implementation in CSSUnknown
Microsoft Edge (Chromium-based)CVE-2026-3543Chromium: CVE-2026-3543 Inappropriate implementation in V8Unknown
Microsoft Edge (Chromium-based)CVE-2026-3539Chromium: CVE-2026-3539 Object lifecycle issue in DevToolsUnknown
Microsoft Edge (Chromium-based)CVE-2026-3542Chromium: CVE-2026-3542 Inappropriate implementation in WebAssemblyUnknown
Microsoft Graphics ComponentCVE-2026-25169Windows Graphics Component Denial of Service VulnerabilityImportant
Microsoft Graphics ComponentCVE-2026-25180Windows Graphics Component Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2026-25168Windows Graphics Component Denial of Service VulnerabilityImportant
Microsoft Graphics ComponentCVE-2026-23668Windows Graphics Component Elevation of Privilege VulnerabilityImportant
Microsoft OfficeCVE-2026-26110Microsoft Office Remote Code Execution VulnerabilityCritical
Microsoft OfficeCVE-2026-26113Microsoft Office Remote Code Execution VulnerabilityCritical
Microsoft OfficeCVE-2026-26134Microsoft Office Elevation of Privilege VulnerabilityImportant
Microsoft Office ExcelCVE-2026-26144Microsoft Excel Information Disclosure VulnerabilityCritical
Microsoft Office ExcelCVE-2026-26109Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2026-26108Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2026-26107Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2026-26112Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2026-26105Microsoft SharePoint Server Spoofing VulnerabilityImportant
Microsoft Office SharePointCVE-2026-26114Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2026-26106Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
Microsoft Semantic Kernel Python SDKCVE-2026-26030GitHub: CVE-2026-26030 Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerableImportant
Payment Orchestrator ServiceCVE-2026-26125Payment Orchestrator Service Elevation of Privilege VulnerabilityCritical
Push Message Routing ServiceCVE-2026-24282Push message Routing Service Elevation of Privilege VulnerabilityImportant
Role: Windows Hyper-VCVE-2026-25170Windows Hyper-V Elevation of Privilege VulnerabilityImportant
SQL ServerCVE-2026-21262SQL Server Elevation of Privilege VulnerabilityImportant
SQL ServerCVE-2026-26116SQL Server Elevation of Privilege VulnerabilityImportant
SQL ServerCVE-2026-26115SQL Server Elevation of Privilege VulnerabilityImportant
System Center Operations ManagerCVE-2026-20967System Center Operations Manager (SCOM) Elevation of Privilege VulnerabilityImportant
Windows Accessibility Infrastructure (ATBroker.exe)CVE-2026-25186Windows Accessibility Infrastructure (ATBroker.exe) Information Disclosure VulnerabilityImportant
Windows Accessibility Infrastructure (ATBroker.exe)CVE-2026-24291Windows Accessibility Infrastructure (ATBroker.exe) Elevation of Privilege VulnerabilityImportant
Windows Ancillary Function Driver for WinSockCVE-2026-25179Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityImportant
Windows Ancillary Function Driver for WinSockCVE-2026-24293Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityImportant
Windows Ancillary Function Driver for WinSockCVE-2026-25176Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityImportant
Windows Ancillary Function Driver for WinSockCVE-2026-25178Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityImportant
Windows App InstallerCVE-2026-23656Windows App Installer Spoofing VulnerabilityImportant
Windows Authentication MethodsCVE-2026-25171Windows Authentication Elevation of Privilege VulnerabilityImportant
Windows Bluetooth RFCOM Protocol DriverCVE-2026-23671Windows Bluetooth RFCOM Protocol Driver Elevation of Privilege VulnerabilityImportant
Windows Device Association ServiceCVE-2026-24296Windows Device Association Service Elevation of Privilege VulnerabilityImportant
Windows Device Association ServiceCVE-2026-24295Windows Device Association Service Elevation of Privilege VulnerabilityImportant
Windows DWM Core LibraryCVE-2026-25189Windows DWM Core Library Elevation of Privilege VulnerabilityImportant
Windows Extensible File AllocationCVE-2026-25174Windows Extensible File Allocation Table Elevation of Privilege VulnerabilityImportant
Windows File ServerCVE-2026-24283Multiple UNC Provider Kernel Driver Elevation of Privilege VulnerabilityImportant
Windows GDICVE-2026-25190GDI Remote Code Execution VulnerabilityImportant
Windows GDI+CVE-2026-25181GDI+ Information Disclosure VulnerabilityImportant
Windows KerberosCVE-2026-24297Windows Kerberos Security Feature Bypass VulnerabilityImportant
Windows KernelCVE-2026-26132Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2026-24289Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2026-24287Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows MapUrlToZoneCVE-2026-23674MapUrlToZone Security Feature Bypass VulnerabilityImportant
Windows Mobile BroadbandCVE-2026-24288Windows Mobile Broadband Driver Remote Code Execution VulnerabilityImportant
Windows NTFSCVE-2026-25175Windows NTFS Elevation of Privilege VulnerabilityImportant
Windows Performance CountersCVE-2026-25165Performance Counters for Windows Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2026-23669Windows Print Spooler Remote Code Execution VulnerabilityImportant
Windows Projected File SystemCVE-2026-24290Windows Projected File System Elevation of Privilege VulnerabilityImportant
Windows Resilient File System (ReFS)CVE-2026-23673Windows Resilient File System (ReFS) Elevation of Privilege VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2026-26111Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2026-25173Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2026-25172Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Shell Link ProcessingCVE-2026-25185Windows Shell Link Processing Spoofing VulnerabilityImportant
Windows SMB ServerCVE-2026-26128Windows SMB Server Elevation of Privilege VulnerabilityImportant
Windows SMB ServerCVE-2026-24294Windows SMB Server Elevation of Privilege VulnerabilityImportant
Windows System Image ManagerCVE-2026-25166Windows System Image Manager Assessment and Deployment Kit (ADK) Remote Code Execution VulnerabilityImportant
Windows Telephony ServiceCVE-2026-25188Windows Telephony Service Elevation of Privilege VulnerabilityImportant
Windows Universal Disk Format File System Driver (UDFS)CVE-2026-23672Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege VulnerabilityImportant
Windows Win32KCVE-2026-24285Win32k Elevation of Privilege VulnerabilityImportant
WinlogonCVE-2026-25187Winlogon Elevation of Privilege VulnerabilityImportant
Microsoft March 2026 Patch Fixes 79 Vulnerabilities, Eight Critical, Two Publicly Disclosed Zero-Days
Read More
Apple issues updates for MacOS, iOS and fixes …
Chrome releases version 118 Patches 20 flaws, one …
Google Patches 26 Vulnerabilities in Major Chrome Update, …
Hackers claim responsibility for breaching Plume - Smart …
Google releases emergency Chrome update to patch actively …