
Microsoft March Patch Tuesday Ships 83 Fixes and Windows 11 Cumulative Updates

Updated March 30, 2026 at 04:04 AM (18 sources)

Microsoft’s March Patch Tuesday security release shipped fixes for 83 vulnerabilities across its enterprise software and services, and was notable for having no actively exploited zero-days for the first time in six months. Microsoft flagged six vulnerabilities as “more likely to be exploited,” and noted two issues—CVE-2026-21262 and CVE-2026-26127—were publicly known at release. Researchers highlighted an Excel information-disclosure issue, CVE-2026-26144, describing a scenario where an attacker could potentially induce a Copilot Agent to exfiltrate data in a zero-click style workflow, and also pointed to Office flaws CVE-2026-26110 and CVE-2026-26113 (CVSS 8.4) that could enable arbitrary code execution via the Office preview pane.

Microsoft also released mandatory Windows 11 cumulative updates KB5079473 (25H2/24H2) and KB5078883 (23H2) that incorporate the March 2026 Patch Tuesday security fixes, along with additional non-security changes. The updates advance build numbers to 26200.8037/26100.8037 (25H2/24H2) and 22631.6783 (23H2), expand “high-confidence device targeting” to increase coverage for automatic delivery of new Secure Boot certificates, and include reliability improvements such as better File Explorer search across drives and changes to Windows Defender Application Control (WDAC) behavior for COM objects (policy listing support).
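A fleet check built on the build numbers above, as an added example that is not part of the original article or Microsoft's tooling. It assumes an inventory export of (hostname, OS build string) pairs; the hostnames and sample builds are constructed, and because the updates are cumulative any revision at or above the quoted one is treated as patched.

```python
import re

# Minimum patched revision (UBR) per Windows 11 build branch, taken from the
# build numbers the article quotes for KB5079473 and KB5078883.
MARCH_2026_BASELINE = {
    26200: (8037, "KB5079473"),  # 25H2
    26100: (8037, "KB5079473"),  # 24H2
    22631: (6783, "KB5078883"),  # 23H2
}

# Accepts "10.0.26100.8037" or the short "26100.8037" form.
BUILD_RE = re.compile(r"^(?:10\.0\.)?(\d{5})\.(\d+)$")


def classify(build_string):
    """Return (status, detail) for one reported OS build string."""
    m = BUILD_RE.match(build_string.strip())
    if not m:
        return ("unparsed", "unrecognized build format")
    branch, ubr = int(m.group(1)), int(m.group(2))
    if branch not in MARCH_2026_BASELINE:
        # e.g. Windows 10 or Server builds, which these two KBs do not cover
        return ("out_of_scope", f"branch {branch} not covered by these KBs")
    minimum, kb = MARCH_2026_BASELINE[branch]
    if ubr >= minimum:
        return ("patched", f"{branch}.{ubr} >= {branch}.{minimum}")
    return ("missing", f"needs {kb} (build {branch}.{minimum})")


def audit(inventory):
    """Map each hostname to its classification; inventory is (host, build) pairs."""
    return {host: classify(build) for host, build in inventory}


# Constructed sample inventory (hostnames and builds are made up for illustration).
SAMPLE = [
    ("ws-001", "10.0.26100.8037"),
    ("ws-002", "10.0.26200.7462"),
    ("ws-003", "22631.6783"),
    ("ws-004", "10.0.22631.6199"),
    ("ws-005", "10.0.19045.6809"),
    ("ws-006", "unknown"),
]

if __name__ == "__main__":
    for host, (status, detail) in audit(SAMPLE).items():
        print(f"{host:8} {status:13} {detail}")
```

Hosts reported as `out_of_scope` or `unparsed` need a separate check rather than being counted as compliant.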

Timeline

  1. Mar 11, 2026

    JPCERT/CC issues advisory on Microsoft March 2026 updates

    On 2026-03-11, JPCERT/CC published advisory JPCERT-AT-2026-0005 warning that vulnerabilities fixed in Microsoft's March 2026 updates could allow remote code execution. It urged organizations to review Microsoft's guidance and apply the relevant updates through Microsoft Update, Windows Update, or the Update Catalog.

  2. Mar 10, 2026

    Microsoft announces Autopatch hotpatching will become default in May 2026

    In connection with the March 2026 Patch Tuesday cycle, Microsoft said Windows Autopatch defaults would change to enable hotpatch security updates for eligible devices starting with the May 2026 Windows security update. This signaled an upcoming change in how some enterprise systems will receive security fixes.

  3. Mar 10, 2026

    Microsoft releases Windows 11 March 2026 cumulative updates

    On 2026-03-10, Microsoft released mandatory Windows 11 cumulative updates KB5079473 for versions 25H2/24H2 and KB5078883 for version 23H2. The updates addressed security issues and bugs, expanded Secure Boot certificate targeting, and added features including built-in Sysmon as an optional native Windows feature.

  4. Mar 10, 2026

    Microsoft says Devices Pricing Program RCE was already mitigated

    Microsoft included CVE-2026-21536, a critical remote code execution flaw in the Microsoft Devices Pricing Program, in the March 2026 disclosures and stated the issue had already been fully mitigated server-side. Multiple reports noted that no customer action was required for this specific vulnerability.

  5. Mar 10, 2026

    Microsoft patches critical Office and Excel flaws with preview-pane and Copilot risk

    Microsoft fixed critical Office remote code execution vulnerabilities CVE-2026-26110 and CVE-2026-26113, which can be triggered through the Office Preview Pane, as well as Excel information disclosure flaw CVE-2026-26144. Researchers noted the Excel issue could enable zero-click style data exfiltration through Microsoft 365 Copilot Agent mode.

  6. Mar 10, 2026

    Microsoft fixes two publicly disclosed vulnerabilities in SQL Server and .NET

    The March 2026 release patched CVE-2026-21262, a SQL Server privilege-escalation flaw that could let an authorized user gain sysadmin privileges, and CVE-2026-26127, a .NET denial-of-service bug. Both issues were publicly known before patches were released, but Microsoft reported no evidence of in-the-wild exploitation.

  7. Mar 10, 2026

    Microsoft releases March 2026 Patch Tuesday security updates

    On 2026-03-10, Microsoft issued its March 2026 Patch Tuesday updates, fixing roughly 79-84 vulnerabilities across Windows, Office, SQL Server, Azure, .NET, Edge, and other products. Microsoft said none of the addressed flaws were known to be actively exploited at release time, though two had been publicly disclosed.

Related Entities

Vulnerabilities

- Elevation of Privilege in Microsoft SQL Server (CVE-2026-21262)
- Type Confusion RCE in Microsoft Office (CVE-2026-26110)
- .NET Denial of Service via Out-of-Bounds Read (CVE-2026-26127)
- Microsoft Office Preview Pane Remote Code Execution via Untrusted Pointer Dereference (CVE-2026-26113)
- Microsoft Excel Copilot Agent Zero-Click Information Disclosure XSS (CVE-2026-26144)
- Windows SMB Server Elevation of Privilege via Improper Authentication (CVE-2026-24294)
- Windows Kernel NDIS Driver Use-After-Free Local Privilege Escalation (CVE-2026-24289)
- Winlogon Elevation of Privilege Vulnerability (CVE-2026-25187)
- Windows Kernel Use-After-Free Elevation of Privilege (CVE-2026-26132)
- Local Privilege Escalation in Microsoft Windows Graphics Component (CVE-2026-23668)
- RegPwn in Windows Accessibility Infrastructure (ATBroker.exe) (CVE-2026-24291)
- Windows Print Spooler Use-After-Free Remote Code Execution (CVE-2026-23669)
- Remote Code Execution in Microsoft Devices Pricing Program (CVE-2026-21536)
- SSRF Elevation of Privilege in Azure MCP Server Tools (CVE-2026-26118)
- Remote Code Execution in Microsoft Office SharePoint via Deserialization of Untrusted Data (CVE-2026-26114)
- Remote Code Execution in Microsoft SharePoint Server (CVE-2026-26106)
- Local Code Execution in Microsoft Office Excel (CVE-2026-26109)
- Windows SMB Server Improper Authentication Privilege Escalation (CVE-2026-26128)
- Azure Entra ID Elevation of Privilege via External Initialization of Trusted Variables or Data Stores (CVE-2026-26148)
- Cross-Site Scripting Spoofing in Microsoft Office SharePoint (CVE-2026-26105)
- Windows Telephony Service Heap-Based Buffer Overflow Privilege Escalation (CVE-2026-25188)
- Deep Link Hijacking in Microsoft Authenticator (CVE-2026-26123)
- Elevation of Privilege in Azure Compute Gallery via Permissive Regular Expression (CVE-2026-23651)
- Privilege Escalation in Azure Compute Gallery path handling (CVE-2026-26124)
- Payment Orchestrator Service Elevation of Privilege Vulnerability (CVE-2026-26125)

Related Stories

Microsoft February Patch Tuesday Fixes Six Zero-Day Vulnerabilities and Rolls Out New Secure Boot Certificates

Microsoft released its **February 2026 Patch Tuesday** security updates, addressing **54–58 vulnerabilities** across Windows and other Microsoft products, including **six zero-days** that were **publicly disclosed and/or actively exploited** prior to patch availability. Reported zero-days include `CVE-2026-21514` (Office Word security feature bypass), `CVE-2026-21513` (MSHTML security feature bypass), `CVE-2026-21510` (Windows Shell security feature bypass), `CVE-2026-21533` (Windows Remote Desktop Services elevation of privilege), `CVE-2026-21525` (Windows Remote Access Connection Manager DoS), and `CVE-2026-21519` (Desktop Window Manager elevation of privilege). The broader release spans common bug classes such as **RCE**, **EoP**, **information disclosure**, **spoofing**, **DoS**, and **security feature bypass**, with multiple **Critical** issues also called out, including Azure Compute Gallery flaws impacting *ACI Confidential Containers* (`CVE-2026-23655`, `CVE-2026-21522`). As part of the February Windows updates, Microsoft also began a **phased rollout of updated Secure Boot certificates** to replace the original **2011 certificates** ahead of their expiration in **late June 2026**, using “targeting data” and “successful update signals” to control deployment. Windows 11 cumulative updates (including **KB5077181** and **KB5075941**) were released as mandatory Patch Tuesday packages for supported Windows 11 versions, bundling the security fixes alongside additional reliability and feature changes. Separately, Adobe issued February security bulletins covering **44 CVEs** across multiple Creative Cloud products; those Adobe issues were not listed as publicly known or under active attack at release.

1 month ago

Microsoft January Patch Tuesday Security Updates for Windows 10/11

Microsoft shipped its January Patch Tuesday security updates for **Windows 10** (including ESU/LTSC) and **Windows 11**, addressing a large set of vulnerabilities and rolling in additional platform hardening changes. Windows 10’s *KB5073724* (ESU) updates systems to build `19045.6809` (and LTSC 2021 to `19044.6809`) and includes security/bug fixes plus a phased update to handle **expiring Secure Boot certificates**; it also removes legacy **Agere modem drivers** (`agrsm64.sys`, `agrsm.sys`, `smserl64.sys`, `smserial.sys`), which can break dependent modem hardware. Windows 11 cumulative updates *KB5074109* (25H2/24H2) and *KB5073455* (23H2) are mandatory and include fixes for issues such as WSL mirrored networking failures (“No route to host”) impacting VPN access and RemoteApp connection failures in Azure Virtual Desktop environments. Third-party analysis of the same Patch Tuesday release reported **112 vulnerabilities** (with **8 marked critical**) and at least one vulnerability observed exploited in the wild: **CVE-2026-20805**. The critical issues highlighted include multiple **remote code execution** vulnerabilities across Windows components and Office applications (including **LSASS**, Word, Excel, and Office), plus **elevation of privilege** flaws such as **CVE-2026-20822** (Windows Graphics Component, use-after-free leading to potential SYSTEM privileges) and **CVE-2026-20854** (LSASS RCE over the network without requiring elevated privileges). Organizations should prioritize rapid deployment of the January Windows updates, with particular attention to exploited-in-the-wild items and critical RCE/EoP paths.

1 month ago

Microsoft Patches 163 Flaws Including Exploited SharePoint Bug and Defender Zero-Day

Microsoft released fixes for **163 vulnerabilities** in its April Patch Tuesday update, marking one of its largest security releases on record. The bundle includes **8 Critical** flaws, **154 Important** issues, and **1 Moderate** bug, with seven of the Critical vulnerabilities enabling remote code execution across products and components including **Windows TCP/IP**, **Windows IKE Service Extensions**, **Active Directory**, **Remote Desktop Client**, **Microsoft Office**, and **Microsoft Word**. Belgian authorities urged organizations to apply the updates immediately. The most urgent issues include **`CVE-2026-32201`**, an actively exploited **Microsoft SharePoint Server** vulnerability that was added to CISA’s Known Exploited Vulnerabilities catalog, and **`CVE-2026-33825`** in **Microsoft Defender**, a publicly disclosed zero-day tied to proof-of-concept code associated with the **BlueHammer** exploit. Microsoft also shipped Windows 11 cumulative updates with security hardening changes, including safer handling of **`.rdp`** files and improved visibility into **Secure Boot** certificates, while the broader patch set addressed numerous elevation-of-privilege and security feature bypass flaws that could support post-compromise escalation.

1 week ago