Microsoft March 2026 Patch Tuesday Fixes Two Zero-Days and Dozens of Vulnerabilities
Microsoft’s March 2026 Patch Tuesday shipped fixes for 79 vulnerabilities, including two zero-day flaws. Public reporting and third-party patch reviews highlight a mix of Important and Critical issues across Microsoft’s ecosystem, including .NET (CVE-2026-26127 DoS; CVE-2026-26131 EoP), Active Directory Domain Services (CVE-2026-25177 EoP), ASP.NET Core (CVE-2026-26130 DoS), and multiple Azure components such as ACI Confidential Containers (CVE-2026-23651, CVE-2026-26124 EoP; CVE-2026-26122 information disclosure) and Azure IoT Explorer (CVE-2026-26121 spoofing; CVE-2026-23661/23662/23664 information disclosure).
Independent analysis (ZDI and SANS ISC) corroborated the breadth of affected products and provided additional scoring/metadata, including CVSS ratings and exploitability flags. ZDI’s review also called out additional Critical items in the release such as Microsoft Office RCE (CVE-2026-26110, CVE-2026-26113) and other high-impact vulnerabilities, while SANS ISC’s Patch Tuesday coverage additionally noted bundled Chromium-tracked fixes (multiple CVE-2026-3536 through CVE-2026-3544 entries) that commonly map to Microsoft’s browser/embedded Chromium components. Organizations should prioritize patching systems exposed to untrusted content or authentication boundaries (e.g., Office, AD DS, Azure agents/extensions) and validate deployment coverage across both Windows and cloud-connected workloads.
Timeline
Mar 31, 2026
SQL Server 2012 Parallel Data Warehouse support end date noted
Patch Tuesday coverage noted that SQL Server 2012 Parallel Data Warehouse would reach the end of extended support on March 31, 2026. This was highlighted as an important lifecycle milestone for organizations still running the product.
Mar 10, 2026
March 2026 updates include several high-severity critical issues
The March 2026 Patch Tuesday set also included notable high-severity vulnerabilities such as CVE-2026-21536 in Microsoft Devices Pricing Program and CVE-2026-26030 in Microsoft Semantic Kernel InMemoryVectorStore, along with multiple SharePoint, Office, Excel, RRAS, and Windows privilege-escalation flaws. These issues were identified as among the most severe bugs in the month's release.
Mar 10, 2026
Microsoft Authenticator mobile app flaw draws attention
Researchers highlighted CVE-2026-26123, an Important Microsoft Authenticator vulnerability on iOS and Android that could let a malicious app impersonate the legitimate Authenticator app by abusing a custom URL scheme handler. Commentary noted exploitation may require less user interaction than Microsoft's guidance suggested.
Mar 10, 2026
Researchers highlight SQL Server flaw CVE-2026-21262 as a major risk
Security coverage of the March 2026 updates singled out CVE-2026-21262, a SQL Server elevation-of-privilege vulnerability that could allow an authorized attacker to gain sysadmin privileges over the network on supported SQL Server versions. Analysts emphasized the risk posed by internet-exposed SQL Server deployments.
Mar 10, 2026
Microsoft discloses two publicly known flaws in March 2026 updates
The March 2026 release identified two publicly disclosed vulnerabilities: CVE-2026-21262 in SQL Server and CVE-2026-26127 in .NET. Multiple sources noted these were publicly disclosed at release time, while most reporting said there was no evidence of active exploitation.
Mar 10, 2026
Microsoft releases March 2026 Patch Tuesday updates
On March 10, 2026, Microsoft released its March Patch Tuesday security updates covering roughly 77-79 vulnerabilities across Windows, Office, Azure, SQL Server, SharePoint, .NET, Edge, and related products. The release included a mix of Critical and Important flaws spanning remote code execution, elevation of privilege, denial of service, information disclosure, spoofing, and security feature bypass.
Related Stories

Microsoft January Patch Tuesday Fixes 114 Vulnerabilities Including Three Zero-Days
Microsoft’s January Patch Tuesday security updates addressed **114 vulnerabilities**, including **three zero-days** reported as publicly known and/or exploited. Reported issues span multiple Windows and Microsoft product components, including **Desktop Window Manager (DWM)**, legacy modem drivers, and core OS services, with a mix of **information disclosure**, **elevation of privilege (EoP)**, **security feature bypass**, and **remote code execution (RCE)** flaws. Technical highlights called out include **CVE-2023-31096** (Windows Agere Soft Modem Driver EoP), **CVE-2026-20805** (DWM information disclosure), and a **Secure Boot certificate expiration** security feature bypass (**CVE-2026-21265**). The update set also includes multiple **Office/Excel/Word RCE** vulnerabilities (e.g., **CVE-2026-20952**, **CVE-2026-20953**, **CVE-2026-20955**, **CVE-2026-20957**, **CVE-2026-20944**), Windows privilege-escalation issues (e.g., **Windows Graphics Component** and **VBS Enclave** EoP), and cloud/agent components such as **Azure Connected Machine Agent** (**CVE-2026-21224**) and **Azure Core shared client library for Python** (**CVE-2026-21226**).
1 month ago
Microsoft Patches 163 Flaws Including Exploited SharePoint Bug and Defender Zero-Day
Microsoft released fixes for **163 vulnerabilities** in its April Patch Tuesday update, marking one of its largest security releases on record. The bundle includes **8 Critical** flaws, **154 Important** issues, and **1 Moderate** bug, with seven of the Critical vulnerabilities enabling remote code execution across products and components including **Windows TCP/IP**, **Windows IKE Service Extensions**, **Active Directory**, **Remote Desktop Client**, **Microsoft Office**, and **Microsoft Word**. Belgian authorities urged organizations to apply the updates immediately. The most urgent issues include **`CVE-2026-32201`**, an actively exploited **Microsoft SharePoint Server** vulnerability that was added to CISA’s Known Exploited Vulnerabilities catalog, and **`CVE-2026-33825`** in **Microsoft Defender**, a publicly disclosed zero-day tied to proof-of-concept code associated with the **BlueHammer** exploit. Microsoft also shipped Windows 11 cumulative updates with security hardening changes, including safer handling of **`.rdp`** files and improved visibility into **Secure Boot** certificates, while the broader patch set addressed numerous elevation-of-privilege and security feature bypass flaws that could support post-compromise escalation.
1 week ago
Microsoft Patch Tuesday Fixes Six Actively Exploited Zero-Days Including Windows Shell SmartScreen Bypass
Microsoft released its February Patch Tuesday security updates addressing **~58–59 vulnerabilities** across Windows and other products, including **six zero-day flaws confirmed as actively exploited in the wild** and **five Critical** issues. Reported vulnerability classes were led by **Elevation of Privilege (25)**, followed by **Remote Code Execution (12)** and **Security Feature Bypass (5)**, with additional fixes for spoofing, information disclosure, DoS, and XSS; Microsoft also noted additional *Edge* fixes shipped outside the prior Patch Tuesday cadence, including an Android spoofing issue (`CVE-2026-0391`). One of the actively exploited zero-days highlighted across reporting is `CVE-2026-21510`, a **Windows Shell security feature bypass** that can be abused to evade **Mark-of-the-Web/SmartScreen-style warnings** by using specially crafted files (e.g., shortcut/link formats) so that untrusted content can execute without expected prompts, making it well-suited to phishing and social-engineering delivery. Separate coverage also noted Microsoft’s rollout of **updated Secure Boot certificates** ahead of the June 2026 expiration of legacy 2011 certificates, a change with broad implications for Windows boot integrity and enterprise device management.
1 month ago