Microsoft’s March Security Update of High-Risk Vulnerability Notice for Multiple Products - Security Boulevard

by NSFOCUS on March 29, 2026 Overview On March 11, NSFOCUS CERT detected that Microsoft released the March Security Update patch, which fixed 83 security issues involving widely used products such as Windows, Microsoft Office, Microsoft SQL Server, Azure, etc., including high-risk vulnerability types such as privilege escalation and remote code execution. Among the vulnerabilities fixed by Microsoft’s monthly update this month, there are 8 critical vulnerabilities and 75 important vulnerabilities. Please update the patch as soon as possible for protection. For a complete list of vulnerabilities, please refer to the appendix. Reference link: https://msrc.microsoft.com/update-guide/releaseNote/2026-Mar Key Vulnerabilities Based on the product popularity and vulnerability importance, this update contains vulnerabilities with greater impact. Relevant users are requested to pay special attention: Microsoft Office Remote Code Execution Vulnerability (CVE-2026-26110): A remote code execution vulnerability exists in Microsoft Office. Due to type confusion issues in Microsoft Office, an unauthenticated attacker can access resources through incompatible data types, and the user preview pane will trigger arbitrary code execution. CVSS score 8.4. Official announcement link: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26110 Microsoft Office Remote Code Execution Vulnerability (CVE-2026-26113): A remote code execution vulnerability exists in Microsoft Office. Due to the untrusted pointer dereference problem that Microsoft Office is dealing with, an unauthenticated attacker can send a specially crafted malicious file to the user, which will cause arbitrary code execution after the user previews or clicks it. CVSS score 8.4. Official announcement link: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26113 Microsoft Excel Information Disclosure Vulnerability (CVE-2026-26144): There is an information disclosure vulnerability in Microsoft Excel. Because Microsoft Excel fails to correctly process the input data during the web page generation process, it leads to cross-site scripting attacks. Unauthenticated attackers can obtain sensitive information through the Copilot Agent mode. CVSS score 7.5. Official announcement link: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26144 Windows Print Spooler Remote Code Execution Vulnerability (CVE-2026-23669): Windows Print Spooler has a remote code execution vulnerability. Because Windows Print Spooler allows use-after-free reuse (use-after-free), an authenticated attacker can execute arbitrary code over the network. CVSS score 8.8. Official announcement link: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23669 Windows SMB Server Privilege Escalation Vulnerability (CVE-2026-24294): A privilege escalation vulnerability exists in Windows SMB Server, which allows an authenticated local attacker to elevate privileges to SYSTEM due to improper authentication issues in the Windows SMB server. CVSS score 7.8. Official announcement link: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24294 Windows Graphics Component Privilege Escalation Vulnerability (CVE-2026-23668): A privilege escalation vulnerability exists in the Windows Graphics Component. Due to a flawed synchronization mechanism when using shared resources in Microsoft Graphics Component, an authenticated attacker can elevate privileges to SYSTEM through conditional competition. CVSS score 7.0. Official announcement link: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23668 Scope of Impact The following are the affected product versions of some key vulnerabilities. For the scope of products affected by other vulnerabilities, please refer to the official announcement link. Vulnerability Number Affected product versions CVE-2026-26110 Microsoft Office for Android Microsoft Office 2016 (64-bit edition) Microsoft Office 2016 (32-bit edition) Microsoft Office LTSC for Mac 2024 Microsoft Office LTSC 2024 for 64-bit editions Microsoft Office LTSC 2024 for 32-bit editions Microsoft Office LTSC 2021 for 32-bit editions Microsoft Office LTSC 2021 for 64-bit editions Microsoft Office LTSC for Mac 2021 Microsoft 365 Apps for Enterprise for 64-bit Systems Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft Office 2019 for 64-bit editions Microsoft Office 2019 for 32-bit editions CVE-2026-26113 Microsoft Office 2016 (64-bit edition) Microsoft Office 2016 (32-bit edition) Microsoft Office LTSC for Mac 2024 Microsoft Office LTSC 2024 for 64-bit editions Microsoft Office LTSC 2024 for 32-bit editions Microsoft Office LTSC 2021 for 64-bit editions Microsoft Office LTSC for Mac 2021 Microsoft 365 Apps for Enterprise for 64-bit Systems Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft Office 2019 for 64-bit editions Microsoft Office 2019 for 32-bit editions Microsoft SharePoint Server 2019 Microsoft SharePoint Server Subscription Edition Microsoft SharePoint Enterprise Server 2016 CVE-2026-26144 Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft 365 Apps for Enterprise for 64-bit Systems CVE-2026-23669 CVE-2026-24294 Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows Server 2025 Windows 11 Version 24H2 for x64-based Systems Windows 11 Version 24H2 for ARM64-based Systems Windows Server 2022, 23H2 Edition (Server Core installation) Windows 11 Version 23H2 for x64-based Systems Windows 11 Version 23H2 for ARM64-based Systems Windows 11 Version 25H2 for x64-based Systems Windows 11 Version 25H2 for ARM64-based Systems Windows Server 2025 (Server Core installation) Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 11 version 26H1 for x64-based Systems Windows 11 Version 26H1 for ARM64-based Systems CVE-2026-23668 Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows Server 2022, 23H2 Edition (Server Core installation) Windows 11 Version 23H2 for x64-based Systems Windows 11 Version 23H2 for ARM64-based Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Mitigation At present, Microsoft has officially released security patches to fix the above vulnerabilities for supported product versions. It is strongly recommended that affected users install patches as soon as possible for protection. The official download link: https://msrc.microsoft.com/update-guide/releaseNote/2026-Mar Note: Patch updates for Windows Update may fail due to network problems, computer environment problems, etc. After installing the patch, users should check whether the patch has been successfully updated in time. Right-click the Windows icon, select “Settings (N)”, select “Update and Security”-“Windows Update”, view the prompt information on this page, or click “View Update History” to view the historical update status. For updates that have not been successfully installed, you can click the update name to jump to the Microsoft official download page. It is recommended that users click the link on this page and go to the “Microsoft Update” website to download the independent program package and install it. Appendix: Vulnerability List Affected products CVE No. Vulnerability Title Severity Microsoft Office CVE-2026-26113 Microsoft Office Remote Code Execution Vulnerability Critical Azure CVE-2026-23651 Microsoft ACI Confidential Containers Privilege Escalation Vulnerability Critical Device CVE-2026-21536 Microsoft Devices Pricing Program Remote Code Execution Vulnerability Critical Azure CVE-2026-26124 Microsoft ACI Confidential Containers Privilege Escalation Vulnerability Critical Other CVE-2026-26125 Payment Orchestrator Service privilege escalation vulnerability Critical Azure CVE-2026-26122 Microsoft ACI Confidential Containers Information Disclosure Vulnerability Critical Microsoft Office CVE-2026-26110 Microsoft Office Remote Code Execution Vulnerability Critical Microsoft Office CVE-2026-26144 Microsoft Excel Information Disclosure Vulnerability Critical Microsoft SQL Server CVE-2026-21262 SQL Server Privilege Escalation Vulnerability Important Azure CVE-2026-23660 Windows Admin Center in Azure Portal Privilege Escalation Vulnerability Important Azure CVE-2026-23664 Azure IoT Explorer information disclosure vulnerability Important Windows CVE-2026-23667 Broadcast DVR Privilege Escalation Vulnerability Important Windows CVE-2026-23668 Windows Graphics Component Escalation Vulnerability Important Windows CVE-2026-23669 Windows Print Spooler Remote Code Execution Vulnerability Important Windows CVE-2026-23671 Windows Bluetooth RFCOM Protocol Driver Escalation Vulnerability Important Windows CVE-2026-23672 Windows Universal Disk Format File System Driver (UDFS) Privilege Escalation Vulnerability Important Windows CVE-2026-23673 Windows Resilient File System (ReFS) Privilege Escalation Vulnerability Important Windows CVE-2026-24282 Push message Routing Service privilege escalation vulnerability Important Windows CVE-2026-24283 Multiple UNC Provider Kernel Driver privilege escalation vulnerability Important Microsoft Office,Windows CVE-2026-24285 Win32k Privilege Escalation Vulnerability Important Windows CVE-2026-24287 Windows Kernel privilege escalation vulnerability Important Windows CVE-2026-24288 Windows Mobile Broadband Driver Remote Code Execution Vulnerability Important Windows CVE-2026-24289 Windows Kernel privilege escalation vulnerability Important Windows CVE-2026-24290 Windows Projected File System Privilege Escalation Vulnerability Important Windows CVE-2026-24291 Windows Accessibility Infrastructure (ATBroker.exe) Privilege Escalation Vulnerability Important Windows CVE-2026-24292 Windows Connected Devices Platform Service privilege escalation vulnerability Important Windows CVE-2026-24293 Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability Important Windows CVE-2026-24294 Windows SMB Server Privilege Escalation Vulnerability Important Windows CVE-2026-24295 Windows Device Association Service privilege escalation vulnerability Important Windows CVE-2026-24296 Windows Device Association Service privilege escalation vulnerability Important Windows CVE-2026-24297 Windows Kerberos security feature bypass vulnerability Important Windows CVE-2026-25165 Performance Counters for Windows privilege escalation vulnerabilities Important Windows CVE-2026-25166 Windows System Image Manager Assessment and Deployment Kit (ADK) Remote Code Execution Vulnerability Important Windows CVE-2026-25167 Microsoft Brokering File System Privilege Escalation Vulnerability Important Windows CVE-2026-25168 Windows Graphics Component Denial of Service Vulnerability Important Windows CVE-2026-25169 Windows Graphics Component Denial of Service Vulnerability Important Windows CVE-2026-25170 Windows Hyper-V privilege escalation vulnerability Important Windows CVE-2026-25171 Windows Authentication privilege escalation vulnerability Important Windows CVE-2026-25172 Windows Routing and Remote Access Service (RRAS) remote code execution vulnerability Important Windows CVE-2026-25173 Windows Routing and Remote Access Service (RRAS) remote code execution vulnerability Important Windows CVE-2026-25174 Windows Extensible File Allocation Table Privilege Escalation Vulnerability Important Windows CVE-2026-25175 Windows NTFS privilege escalation vulnerability Important Windows CVE-2026-25176 Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability Important Windows CVE-2026-25177 Active Directory Domain Services privilege escalation vulnerability Important Windows CVE-2026-25178 Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability Important Windows CVE-2026-25179 Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability Important Microsoft Office,Windows CVE-2026-25180 Windows Graphics Component Information Disclosure Vulnerability Important Windows CVE-2026-25181 GDI+ information leakage vulnerability Important Windows CVE-2026-25185 Windows Shell Link Data Processing Spoofing Vulnerability Important Windows CVE-2026-25186 Windows Accessibility Infrastructure (ATBroker.exe) Information Disclosure Vulnerability Important Windows CVE-2026-25187 Winlogon Privilege Escalation Vulnerability Important Windows CVE-2026-25188 Windows Telephony Service privilege escalation vulnerability Important Windows CVE-2026-25189 Windows DWM Core Library privilege escalation vulnerability Important Windows CVE-2026-25190 GDI remote code execution vulnerability Important Microsoft Office CVE-2026-26105 Microsoft SharePoint Server Spoofing Vulnerability Important Windows CVE-2026-26111 Windows Routing and Remote Access Service (RRAS) remote code execution vulnerability Important Microsoft Office CVE-2026-26112 Microsoft Excel Remote Code Execution Vulnerability Important Microsoft Office CVE-2026-26114 Microsoft SharePoint Server Remote Code Execution Vulnerability Important Windows CVE-2026-23656 Windows App Installer spoofing vulnerability Important System Center CVE-2026-20967 System Center Operations Manager (SCOM) privilege escalation vulnerability Important Azure CVE-2026-26121 Azure IOT Explorer spoofing vulnerability Important Microsoft SQL Server CVE-2026-26115 SQL Server Privilege Escalation Vulnerability Important Microsoft SQL Server CVE-2026-26116 SQL Server Privilege Escalation Vulnerability Important Windows CVE-2026-26128 Windows SMB Server Privilege Escalation Vulnerability Important .NET 10.0 installed on Linux CVE-2026-26131 .NET privilege escalation vulnerability Important Windows CVE-2026-26132 Windows Kernel privilege escalation vulnerability Important Microsoft Office CVE-2026-26134 Microsoft Office privilege escalation vulnerability Important Microsoft.Bcl.Memory, .NET 9.0 installed on Windows, .NET 10.0 installed on Windows, .NET 9.0 installed on Mac OS, .NET 10.0 installed on Linux, .NET 10.0 installed on Mac OS, .NET 9.0 installed on Linux CVE-2026-26127 .NET Denial of Service Vulnerability Important Windows CVE-2026-23674 MapUrlToZone security feature bypass vulnerability Important Azure CVE-2026-26148 Microsoft Azure AD SSH Login extension for Linux privilege escalation vulnerability Important Open Source Software CVE-2026-23654 GitHub: Zero Shot SCFoundation Remote Code Execution Vulnerability Important Azure CVE-2026-23661 Azure IoT Explorer information disclosure vulnerability Important Azure CVE-2026-23662 Azure IoT Explorer information disclosure vulnerability Important Azure CVE-2026-23665 Linux Azure Diagnostic extension (LAD) privilege escalation vulnerability Important Microsoft Office CVE-2026-26106 Microsoft SharePoint Server Remote Code Execution Vulnerability Important Microsoft Office CVE-2026-26107 Microsoft Excel Remote Code Execution Vulnerability Important Microsoft Office CVE-2026-26108 Microsoft Excel Remote Code Execution Vulnerability Important Microsoft Office CVE-2026-26109 Microsoft Excel Remote Code Execution Vulnerability Important Azure CVE-2026-26117 Arc Enabled Servers-Azure Connected Machine Agent privilege escalation vulnerability Important Azure CVE-2026-26118 Azure MCP Server Tools privilege escalation vulnerability Important Apps CVE-2026-26123 Microsoft Authenticator Information Disclosure Vulnerability Important ASP.NET Core CVE-2026-26130 ASP.NET Core denial of service vulnerability Important Azure CVE-2026-26141 Hybrid Worker Extension (Arcenabled‑ Windows VMs) Privilege Escalation Vulnerability Important Statement This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS. About NSFOCUS NSFOCUS, a pioneering leader in cybersecurity, is dedicated to safeguarding telecommunications, Internet service providers, hosting providers, and enterprises from sophisticated cyberattacks. Founded in 2000, NSFOCUS operates globally with over 4000 employees at two headquarters in Beijing, China, and Santa Clara, CA, USA, and over 50 offices worldwide. It has a proven track record of protecting over 25% of the Fortune Global 500 companies, including four of the five largest banks and six of the world’s top ten telecommunications companies. Leveraging technical prowess and innovation, NSFOCUS delivers a comprehensive suite of security solutions, including the Intelligent Security Operations Platform (ISOP) for modern SOC, DDoS Protection, Continuous Threat Exposure Management (CTEM) Service and Web Application and API Protection (WAAP). All the solutions and services are augmented by the Security Large Language Model (SecLLM), ML, patented algorithms and other cutting-edge research achievements developed by NSFOCUS. The post Microsoft’s March Security Update of High-Risk Vulnerability Notice for Multiple Products appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.. March 29, 2026 0 Comments azure, Blog, Emergency Response, Microsoft vulnerabilities, Microsoft's Security, office, SQL Server