Microsoft Patch Tuesday March 2026 – 78 Vulnerabilities Fixed, Including One 0-day - CybersecurityNews

Home Cyber Security Microsoft Patch Tuesday March 2026 – 78 Vulnerabilities Fixed, Including One 0-day Microsoft released its March 2026 Patch Tuesday security update on March 10, 2026, addressing 78 vulnerabilities across Windows, Microsoft Office, Azure, SQL Server, and .NET. The update includes one actively exploited zero-day vulnerability and multiple Critical-rated flaws demanding immediate attention from security teams. The most urgent fix this month is CVE-2026-21262, the sole zero-day in this release. Organizations are strongly advised to prioritize patching this vulnerability without delay. While Microsoft has not publicly attributed active exploitation to a specific threat actor, the presence of a zero-day underscores the need for rapid patch deployment across all affected environments. Additionally, CVE-2026-26127, a .NET Denial of Service vulnerability, has been marked as publicly disclosed, meaning exploit details were available before the patch was released. This classification raises the risk of opportunistic exploitation even without confirmed in-the-wild attacks. Row Labels Count of Impact Denial of Service 4 Elevation of Privilege 43 Information Disclosure 9 Remote Code Execution 16 Security Feature Bypass 2 Spoofing 4 Grand Total 78 Critical Vulnerabilities Patched Three vulnerabilities received Microsoft’s highest Critical severity rating: CVE-2026-26144 – Microsoft Excel Information Disclosure Vulnerability affecting Microsoft Office Excel. Despite being classified as an information disclosure flaw, its Critical rating indicates that successful exploitation could expose highly sensitive data. CVE-2026-26113 – Microsoft Office Remote Code Execution Vulnerability. An attacker who successfully exploits this flaw could execute arbitrary code in the context of the current user, making it a high-priority fix for enterprise environments. CVE-2026-26110 – A second Microsoft Office Remote Code Execution Vulnerability. Like CVE-2026-26113, this flaw targets Office and represents a significant code execution risk, particularly in environments where users regularly open externally sourced documents. Consistent with prior months, Elevation of Privilege (EoP) flaws make up the largest category in this update. Notable EoP vulnerabilities include CVE-2026-26132 in the Windows Kernel, CVE-2026-26128 in Windows SMB Server, CVE-2026-25187 in Winlogon, CVE-2026-25189 in the Windows DWM Core Library, and CVE-2026-26148 affecting the Microsoft Azure AD SSH Login extension for Linux. Cloud-focused fixes also include CVE-2026-26141 in the Hybrid Worker Extension for Arc-enabled Windows VMs, CVE-2026-26117 in the Azure Connected Machine Agent, and CVE-2026-26118 in Azure MCP Server Tools. Several RCE vulnerabilities target critical infrastructure components. CVE-2026-26114 and CVE-2026-26106 both affect Microsoft SharePoint Server, which is commonly exposed to internal networks and represents a high-value target. CVE-2026-26111 targets the Windows Routing and Remote Access Service (RRAS), and CVE-2026-25190 addresses a GDI Remote Code Execution Vulnerability in Windows GDI. Four separate Excel RCE flaws (CVE-2026-26112, CVE-2026-26109, CVE-2026-26108, CVE-2026-26107) were also patched this month. This month’s release also covers CVE-2026-26130 (ASP.NET Core Denial of Service), CVE-2026-26131 (.NET Elevation of Privilege), CVE-2026-26123 (Microsoft Authenticator Information Disclosure), CVE-2026-26121 (Azure IoT Explorer Spoofing), CVE-2026-26105 (SharePoint Spoofing), CVE-2026-25188 (Windows Telephony Service EoP), CVE-2026-25186 (Windows Accessibility Infrastructure Information Disclosure), and CVE-2026-26116 and CVE-2026-26115 (SQL Server Elevation of Privilege). CVE Number CVE Title CVE-2026-20967 System Center Operations Manager (SCOM) Elevation of Privilege Vulnerability CVE-2026-21262 SQL Server Elevation of Privilege Vulnerability CVE-2026-23654 GitHub: Zero Shot SCFoundation Remote Code Execution Vulnerability CVE-2026-23656 Windows App Installer Spoofing Vulnerability CVE-2026-23660 Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability CVE-2026-23661 Azure IoT Explorer Information Disclosure Vulnerability CVE-2026-23662 Azure IoT Explorer Information Disclosure Vulnerability CVE-2026-23664 Azure IoT Explorer Information Disclosure Vulnerability CVE-2026-23665 Linux Azure Diagnostic extension (LAD) Elevation of Privilege Vulnerability CVE-2026-23667 Broadcast DVR Elevation of Privilege Vulnerability CVE-2026-23668 Windows Graphics Component Elevation of Privilege Vulnerability CVE-2026-23669 Windows Print Spooler Remote Code Execution Vulnerability CVE-2026-23671 Windows Bluetooth RFCOM Protocol Driver Elevation of Privilege Vulnerability CVE-2026-23672 Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability CVE-2026-23673 Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability CVE-2026-23674 MapUrlToZone Security Feature Bypass Vulnerability CVE-2026-24282 Push message Routing Service Elevation of Privilege Vulnerability CVE-2026-24283 Multiple UNC Provider Kernel Driver Elevation of Privilege Vulnerability CVE-2026-24285 Win32k Elevation of Privilege Vulnerability CVE-2026-24287 Windows Kernel Elevation of Privilege Vulnerability CVE-2026-24288 Windows Mobile Broadband Driver Remote Code Execution Vulnerability CVE-2026-24289 Windows Kernel Elevation of Privilege Vulnerability CVE-2026-24290 Windows Projected File System Elevation of Privilege Vulnerability CVE-2026-24291 Windows Accessibility Infrastructure (ATBroker.exe) Elevation of Privilege Vulnerability CVE-2026-24292 Windows Connected Devices Platform Service Elevation of Privilege Vulnerability CVE-2026-24293 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVE-2026-24294 Windows SMB Server Elevation of Privilege Vulnerability CVE-2026-24295 Windows Device Association Service Elevation of Privilege Vulnerability CVE-2026-24296 Windows Device Association Service Elevation of Privilege Vulnerability CVE-2026-24297 Windows Kerberos Security Feature Bypass Vulnerability CVE-2026-25165 Performance Counters for Windows Elevation of Privilege Vulnerability CVE-2026-25166 Windows System Image Manager Assessment and Deployment Kit (ADK) Remote Code Execution Vulnerability CVE-2026-25167 Microsoft Brokering File System Elevation of Privilege Vulnerability CVE-2026-25168 Windows Graphics Component Denial of Service Vulnerability CVE-2026-25169 Windows Graphics Component Denial of Service Vulnerability CVE-2026-25170 Windows Hyper-V Elevation of Privilege Vulnerability CVE-2026-25171 Windows Authentication Elevation of Privilege Vulnerability CVE-2026-25172 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability CVE-2026-25173 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability CVE-2026-25174 Windows Extensible File Allocation Table Elevation of Privilege Vulnerability CVE-2026-25175 Windows NTFS Elevation of Privilege Vulnerability CVE-2026-25176 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVE-2026-25177 Active Directory Domain Services Elevation of Privilege Vulnerability CVE-2026-25178 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVE-2026-25179 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVE-2026-25180 Windows Graphics Component Information Disclosure Vulnerability CVE-2026-25181 GDI+ Information Disclosure Vulnerability CVE-2026-25185 Windows Shell Link Processing Spoofing Vulnerability CVE-2026-25186 Windows Accessibility Infrastructure (ATBroker.exe) Information Disclosure Vulnerability CVE-2026-25187 Winlogon Elevation of Privilege Vulnerability CVE-2026-25188 Windows Telephony Service Elevation of Privilege Vulnerability CVE-2026-25189 Windows DWM Core Library Elevation of Privilege Vulnerability CVE-2026-25190 GDI Remote Code Execution Vulnerability CVE-2026-26105 Microsoft SharePoint Server Spoofing Vulnerability CVE-2026-26106 Microsoft SharePoint Server Remote Code Execution Vulnerability CVE-2026-26107 Microsoft Excel Remote Code Execution Vulnerability CVE-2026-26108 Microsoft Excel Remote Code Execution Vulnerability CVE-2026-26109 Microsoft Excel Remote Code Execution Vulnerability CVE-2026-26110 Microsoft Office Remote Code Execution Vulnerability CVE-2026-26111 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability CVE-2026-26112 Microsoft Excel Remote Code Execution Vulnerability CVE-2026-26113 Microsoft Office Remote Code Execution Vulnerability CVE-2026-26114 Microsoft SharePoint Server Remote Code Execution Vulnerability CVE-2026-26115 SQL Server Elevation of Privilege Vulnerability CVE-2026-26116 SQL Server Elevation of Privilege Vulnerability CVE-2026-26117 Arc Enabled Servers – Azure Connected Machine Agent Elevation of Privilege Vulnerability CVE-2026-26118 Azure MCP Server Tools Elevation of Privilege Vulnerability CVE-2026-26121 Azure IOT Explorer Spoofing Vulnerability CVE-2026-26123 Microsoft Authenticator Information Disclosure Vulnerability CVE-2026-26127 .NET Denial of Service Vulnerability CVE-2026-26128 Windows SMB Server Elevation of Privilege Vulnerability CVE-2026-26130 ASP.NET Core Denial of Service Vulnerability CVE-2026-26131 .NET Elevation of Privilege Vulnerability CVE-2026-26132 Windows Kernel Elevation of Privilege Vulnerability CVE-2026-26134 Microsoft Office Elevation of Privilege Vulnerability CVE-2026-26141 Hybrid Worker Extension (Arc‑enabled Windows VMs) Elevation of Privilege Vulnerability CVE-2026-26144 Microsoft Excel Information Disclosure Vulnerability CVE-2026-26148 Microsoft Azure AD SSH Login extension for Linux Elevation of Privilege Vulnerability Security teams should apply all March 2026 patches as soon as possible, with immediate priority on CVE-2026-21262, the three Critical Office and Excel flaws, the Windows Kernel and SMB Server EoP vulnerabilities, and the SharePoint RCE bugs. All affected product lines require customer action as confirmed by Microsoft. Other Patch Tuesday Updates: Fortinet Security Update – Patch for Multiple Vulnerabilities That Enable Malicious Command Execution. Zoom Workplace for Windows Vulnerabilities Allow Privilege Escalation. Ivanti Desktop and Server Management Vulnerability Allows Attackers to Escalate Privileges. SAP Security Update – Patch for Multiple Vulnerabilities that Enable Remote Code Execution. Fortinet FortiManager fgtupdates Vulnerability Allows Attackers to Execute Malicious Commands. Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories. RELATED ARTICLESMORE FROM AUTHOR Cyber Security News New ACRStealer Variant Uses Syscall Evasion, TLS C2 and Secondary Payload Delivery Cyber Security News Microsoft Exchange Online Mailbox Access Outage Affects Users Globally Cyber Security News Betterleaks – A New Open-Source Tool to Scan Directories, Files, and Git Repositories Cyber Security News Konni APT Hijacks KakaoTalk Accounts to Spread Malware in Multi-Stage Spear-Phishing Campaign Android Android 17 Advanced Protection Mode to Block Malicious Service Usage