Microsoft Patch Tuesday March 2026 Fixes 79 Vulnerabilities, Including Two Zero-Days - cyberpress.org
By AnuPriya
March 11, 2026
Microsoft has released its March 2026 Patch Tuesday security updates, fixing 79 vulnerabilities across multiple products, including Windows, Microsoft Office, SQL Server, .NET Framework, Azure components, and the Edge browser.
The update also addresses two publicly disclosed zero‑day vulnerabilities that could potentially expose enterprise environments to privilege escalation or service disruption if left unpatched.
Security teams are strongly advised to deploy the updates quickly because attackers often weaponize newly disclosed vulnerabilities shortly after patches are released.
March 2026 Patch Tuesday Overview
According to Microsoft’s security advisory, the March release fixes a total of 79 vulnerabilities across the Microsoft ecosystem.
The vulnerabilities are categorized as follows:
3 Critical vulnerabilities
76 Important or Low severity issues
46 Elevation of Privilege vulnerabilities
18 Remote Code Execution vulnerabilities
Multiple Information Disclosure, Spoofing, Tampering, and Denial‑of‑Service flaws
Elevation of privilege issues represent the largest category. These flaws allow attackers with limited access to gain higher permissions within a system, potentially leading to full administrative control.
Remote code execution (RCE) vulnerabilities are also particularly dangerous because attackers can exploit them to execute malicious code remotely, often without user interaction.
Microsoft also addressed two zero‑day vulnerabilities that had been publicly disclosed before the release of official patches.
Although Microsoft reports no evidence of active exploitation, public disclosure increases the likelihood that threat actors may attempt to develop exploits.
The two notable zero-day vulnerabilities include:
CVE-2026-21262 – SQL Server Elevation of Privilege Vulnerability
Attackers with authorized network access could escalate privileges to administrative levels on affected SQL Server environments.
.NET Framework Denial-of-Service Vulnerability
This flaw allows attackers to trigger service disruptions by causing .NET applications to crash or become unavailable, potentially affecting business operations.
Organizations running SQL Server databases or .NET applications should prioritize patch deployment to reduce the risk of service outages or privilege escalation attacks.
Patched Vulnerabilities
| CVE ID | Vulnerability Name | Type | Severity |
| --- | --- | --- | --- |
| CVE-2024-29059 | .NET Framework Information Disclosure Vulnerability | Information Disclosure | Important |
| CVE-2024-29057 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | Spoofing | Low |
| CVE-2024-28916 | Xbox Gaming Services Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2024-26247 | Microsoft Edge Security Feature Bypass Vulnerability | Security Feature Bypass | Low |
| CVE-2024-26246 | Microsoft Edge Security Feature Bypass Vulnerability | Security Feature Bypass | Low |
| CVE-2024-26204 | Outlook for Android Information Disclosure Vulnerability | Information Disclosure | Important |
| CVE-2024-26203 | Azure Data Studio Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2024-26201 | Microsoft Intune Linux Agent Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2024-26199 | Microsoft Office Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2024-26198 | Microsoft Exchange Server Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2024-26197 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Denial of Service | Important |
| CVE-2024-26196 | Microsoft Edge for Android Information Disclosure Vulnerability | Information Disclosure | Low |
| CVE-2024-26192 | Microsoft Edge Information Disclosure Vulnerability | Information Disclosure | Important |
| CVE-2024-26190 | Microsoft QUIC Denial of Service Vulnerability | Denial of Service | Important |
| CVE-2024-26188 | Microsoft Edge Spoofing Vulnerability | Spoofing | Low |
| CVE-2024-26185 | Windows Compressed Folder Tampering Vulnerability | Tampering | Important |
| CVE-2024-26182 | Windows Kernel Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2024-26181 | Windows Kernel Denial of Service Vulnerability | Denial of Service | Important |
| CVE-2024-26178 | Windows Kernel Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2024-26177 | Windows Kernel Information Disclosure Vulnerability | Information Disclosure | Important |
| CVE-2024-26176 | Windows Kernel Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2024-26174 | Windows Kernel Information Disclosure Vulnerability | Information Disclosure | Important |
| CVE-2024-26173 | Windows Kernel Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2024-26170 | Windows Composite Image File System Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2024-26169 | Windows Error Reporting Service Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2024-26167 | Microsoft Edge for Android Spoofing Vulnerability | Spoofing | Low |
| CVE-2024-26166 | Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2024-26165 | Visual Studio Code Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2024-26164 | Microsoft Django Backend for SQL Server Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2024-26163 | Microsoft Edge Security Feature Bypass Vulnerability | Security Feature Bypass | Low |
Security teams should take the following steps to reduce exposure:
Deploy the March 2026 Patch Tuesday updates immediately across Windows servers, workstations, and Microsoft applications.
Prioritize internet‑facing systems and critical infrastructure such as SQL Server and Exchange.
Test patches in a staging or QA environment before enterprise‑wide deployment.
Monitor SQL Server and .NET services for unusual access attempts or abnormal traffic patterns.
Review Microsoft Office security settings, as some vulnerabilities can be triggered through the preview pane.
Applying these updates promptly is critical because unpatched systems often become targets for ransomware groups and opportunistic attackers scanning the internet for vulnerable infrastructure.
AnuPriya
AnuPriya is a cybersecurity reporter at Cyber Press, specializing in cyber attacks, dark web monitoring, data breaches, vulnerabilities, and malware. She delivers in-depth analysis on emerging threats and digital security trends.