The latest Microsoft Patch Tuesday update released on March 10, 2026, fixes 78 security vulnerabilities affecting Windows, Microsoft Office, Azure, SQL Server, and .NET. Among the fixes is one actively exploited zero-day vulnerability, making this Microsoft Patch release particularly important for organizations and security teams.
Security experts are urging organizations to deploy the Microsoft Patch update immediately, especially due to the presence of a zero-day vulnerability and several Critical-rated flaws across widely used Microsoft products.
Zero-Day Vulnerability Requires Immediate Attention
The most critical issue addressed in this Microsoft Patch update is CVE-2026-21262, a SQL Server Elevation of Privilege vulnerability that is currently being actively exploited. Microsoft has not attributed the attacks to any specific threat actor.
The presence of this zero-day vulnerability highlights the urgency of applying the Microsoft Patch update across affected systems.
Another vulnerability, CVE-2026-26127, a .NET Denial of Service flaw, has been publicly disclosed prior to the release of the Microsoft Patch. Although there is no confirmed active exploitation, publicly available exploit information increases the likelihood of opportunistic attacks.
Vulnerability Breakdown in the March Update
The March 2026 Microsoft Patch addresses multiple vulnerability categories. Elevation of Privilege vulnerabilities make up the largest portion of the update.
Vulnerability distribution:
- Denial of Service â 4
- Elevation of Privilege â 43
- Information Disclosure â 9
- Remote Code Execution â 16
- Security Feature Bypass â 2
- Spoofing â 4
This brings the total number of vulnerabilities fixed in the March Microsoft Patch release to 78.
Critical Vulnerabilities Patched
Three vulnerabilities received Microsoftâs highest Critical severity rating in this Microsoft Patch release.
- CVE-2026-26144 â Microsoft Excel Information Disclosure Vulnerability
- CVE-2026-26113 â Microsoft Office Remote Code Execution Vulnerability
- CVE-2026-26110 â Microsoft Office Remote Code Execution Vulnerability
The Office Remote Code Execution vulnerabilities could allow attackers to execute arbitrary code in the context of the current user if exploited.
Key Elevation of Privilege Vulnerabilities
Elevation of Privilege vulnerabilities represent the largest category in the March Microsoft Patch update.
Notable vulnerabilities include:
- CVE-2026-26132 â Windows Kernel Elevation of Privilege
- CVE-2026-26128 â Windows SMB Server Elevation of Privilege
- CVE-2026-25187 â Winlogon Elevation of Privilege
- CVE-2026-25189 â Windows DWM Core Library Elevation of Privilege
- CVE-2026-26148 â Azure AD SSH Login extension for Linux Elevation of Privilege
Cloud and Azure Related Fixes
Several cloud-related vulnerabilities were also addressed in this Microsoft Patch release.
These include:
- CVE-2026-26141 â Hybrid Worker Extension for Arc-enabled Windows VMs
- CVE-2026-26117 â Azure Connected Machine Agent
- CVE-2026-26118 â Azure MCP Server Tools
Each of these vulnerabilities could allow attackers to gain elevated privileges if successfully exploited.
Remote Code Execution Vulnerabilities
The March Microsoft Patch also resolves several Remote Code Execution vulnerabilities affecting enterprise infrastructure.
Important fixes include:
- CVE-2026-26114 â Microsoft SharePoint Server Remote Code Execution
- CVE-2026-26106 â Microsoft SharePoint Server Remote Code Execution
- CVE-2026-26111 â Windows Routing and Remote Access Service (RRAS)
- CVE-2026-25190 â Windows GDI Remote Code Execution
Four additional Excel Remote Code Execution vulnerabilities were patched:
- CVE-2026-26112
- CVE-2026-26109
- CVE-2026-26108
- CVE-2026-26107
Additional Security Fixes
Other vulnerabilities addressed in the March Microsoft Patch include:
- CVE-2026-26130 â ASP.NET Core Denial of Service
- CVE-2026-26131 â .NET Elevation of Privilege
- CVE-2026-26123 â Microsoft Authenticator Information Disclosure
- CVE-2026-26121 â Azure IoT Explorer Spoofing
- CVE-2026-26105 â SharePoint Spoofing
- CVE-2026-25188 â Windows Telephony Service Elevation of Privilege
- CVE-2026-25186 â Windows Accessibility Infrastructure Information Disclosure
- CVE-2026-26115 â SQL Server Elevation of Privilege
- CVE-2026-26116 â SQL Server Elevation of Privilege
Read More:
Xiaomi SU7 Ultra Owners Offered Free Hood Update After Advertising Dispute
The March 2026 Microsoft Patch release fixes 78 vulnerabilities across multiple Microsoft products, including one actively exploited zero-day vulnerability and several Critical flaws. Security teams are advised to prioritize deploying the Microsoft Patch update immediately, particularly for the SQL Server zero-day, critical Office vulnerabilities, Windows Kernel and SMB Server Elevation of Privilege issues, and SharePoint Remote Code Execution bugs. Prompt deployment of the Microsoft Patch remains essential to reduce security risks across affected environments.
iNews covers the latest and most impactful stories across
entertainment,
business,
sports,
politics, and
technology,
from AI breakthroughs to major global developments. Stay updated with the trends shaping our world. For news tips, editorial feedback, or professional inquiries, please email us at
info@zoombangla.com.
Get the latest news and Breaking News first by following us on
Google News,
Twitter,
Facebook,
Telegram
, and subscribe to our
YouTube channel.
