By rssfeeds-admin 
The update includes one actively exploited zero-day vulnerability and multiple Critical-rated flaws demanding immediate attention from security teams.
The most urgent fix this month is CVE-2026-21262, the sole zero-day in this release. Organizations are strongly advised to prioritize patching this vulnerability without delay.
While Microsoft has not publicly attributed active exploitation to a specific threat actor, the presence of a zero-day underscores the need for rapid patch deployment across all affected environments.
Additionally, CVE-2026-26127, a .NET Denial of Service vulnerability, has been marked as publicly disclosed, meaning exploit details were available before the patch was released. This classification raises the risk of opportunistic exploitation even without confirmed in-the-wild attacks.
| Row Labels | Count of Impact |
| Denial of Service | 4 |
| Elevation of Privilege | 43 |
| Information Disclosure | 9 |
| Remote Code Execution | 16 |
| Security Feature Bypass | 2 |
| Spoofing | 4 |
| Grand Total | 78 |
Critical Vulnerabilities Patched
Three vulnerabilities received Microsoft’s highest Critical severity rating:
- CVE-2026-26144 – Microsoft Excel Information Disclosure Vulnerability affecting Microsoft Office Excel. Despite being classified as an information disclosure flaw, its Critical rating indicates that successful exploitation could expose highly sensitive data.
- CVE-2026-26113 – Microsoft Office Remote Code Execution Vulnerability. An attacker who successfully exploits this flaw could execute arbitrary code in the context of the current user, making it a high-priority fix for enterprise environments.
- CVE-2026-26110 – A second Microsoft Office Remote Code Execution Vulnerability. Like CVE-2026-26113, this flaw targets Office and represents a significant code execution risk, particularly in environments where users regularly open externally sourced documents.
Consistent with prior months, Elevation of Privilege (EoP) flaws make up the largest category in this update. Notable EoP vulnerabilities include CVE-2026-26132 in the Windows Kernel, CVE-2026-26128 in Windows SMB Server, CVE-2026-25187 in Winlogon, CVE-2026-25189 in the Windows DWM Core Library, and CVE-2026-26148 affecting the Microsoft Azure AD SSH Login extension for Linux.
Cloud-focused fixes also include CVE-2026-26141 in the Hybrid Worker Extension for Arc-enabled Windows VMs, CVE-2026-26117 in the Azure Connected Machine Agent, and CVE-2026-26118 in Azure MCP Server Tools.
Several RCE vulnerabilities target critical infrastructure components. CVE-2026-26114 and CVE-2026-26106 both affect Microsoft SharePoint Server, which is commonly exposed to internal networks and represents a high-value target.
CVE-2026-26111 targets the Windows Routing and Remote Access Service (RRAS), and CVE-2026-25190 addresses a GDI Remote Code Execution Vulnerability in Windows GDI. Four separate Excel RCE flaws (CVE-2026-26112, CVE-2026-26109, CVE-2026-26108, CVE-2026-26107) were also patched this month.
This month’s release also covers CVE-2026-26130 (ASP.NET Core Denial of Service), CVE-2026-26131 (.NET Elevation of Privilege), CVE-2026-26123 (Microsoft Authenticator Information Disclosure), CVE-2026-26121 (Azure IoT Explorer Spoofing), CVE-2026-26105 (SharePoint Spoofing), CVE-2026-25188 (Windows Telephony Service EoP), CVE-2026-25186 (Windows Accessibility Infrastructure Information Disclosure), and CVE-2026-26116 and CVE-2026-26115 (SQL Server Elevation of Privilege).
| CVE Number | CVE Title |
| CVE-2026-20967 | System Center Operations Manager (SCOM) Elevation of Privilege Vulnerability |
| CVE-2026-21262 | SQL Server Elevation of Privilege Vulnerability |
| CVE-2026-23654 | GitHub: Zero Shot SCFoundation Remote Code Execution Vulnerability |
| CVE-2026-23656 | Windows App Installer Spoofing Vulnerability |
| CVE-2026-23660 | Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability |
| CVE-2026-23661 | Azure IoT Explorer Information Disclosure Vulnerability |
| CVE-2026-23662 | Azure IoT Explorer Information Disclosure Vulnerability |
| CVE-2026-23664 | Azure IoT Explorer Information Disclosure Vulnerability |
| CVE-2026-23665 | Linux Azure Diagnostic extension (LAD) Elevation of Privilege Vulnerability |
| CVE-2026-23667 | Broadcast DVR Elevation of Privilege Vulnerability |
| CVE-2026-23668 | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2026-23669 | Windows Print Spooler Remote Code Execution Vulnerability |
| CVE-2026-23671 | Windows Bluetooth RFCOM Protocol Driver Elevation of Privilege Vulnerability |
| CVE-2026-23672 | Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability |
| CVE-2026-23673 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability |
| CVE-2026-23674 | MapUrlToZone Security Feature Bypass Vulnerability |
| CVE-2026-24282 | Push message Routing Service Elevation of Privilege Vulnerability |
| CVE-2026-24283 | Multiple UNC Provider Kernel Driver Elevation of Privilege Vulnerability |
| CVE-2026-24285 | Win32k Elevation of Privilege Vulnerability |
| CVE-2026-24287 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2026-24288 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
| CVE-2026-24289 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2026-24290 | Windows Projected File System Elevation of Privilege Vulnerability |
| CVE-2026-24291 | Windows Accessibility Infrastructure (ATBroker.exe) Elevation of Privilege Vulnerability |
| CVE-2026-24292 | Windows Connected Devices Platform Service Elevation of Privilege Vulnerability |
| CVE-2026-24293 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2026-24294 | Windows SMB Server Elevation of Privilege Vulnerability |
| CVE-2026-24295 | Windows Device Association Service Elevation of Privilege Vulnerability |
| CVE-2026-24296 | Windows Device Association Service Elevation of Privilege Vulnerability |
| CVE-2026-24297 | Windows Kerberos Security Feature Bypass Vulnerability |
| CVE-2026-25165 | Performance Counters for Windows Elevation of Privilege Vulnerability |
| CVE-2026-25166 | Windows System Image Manager Assessment and Deployment Kit (ADK) Remote Code Execution Vulnerability |
| CVE-2026-25167 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
| CVE-2026-25168 | Windows Graphics Component Denial of Service Vulnerability |
| CVE-2026-25169 | Windows Graphics Component Denial of Service Vulnerability |
| CVE-2026-25170 | Windows Hyper-V Elevation of Privilege Vulnerability |
| CVE-2026-25171 | Windows Authentication Elevation of Privilege Vulnerability |
| CVE-2026-25172 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2026-25173 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2026-25174 | Windows Extensible File Allocation Table Elevation of Privilege Vulnerability |
| CVE-2026-25175 | Windows NTFS Elevation of Privilege Vulnerability |
| CVE-2026-25176 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2026-25177 | Active Directory Domain Services Elevation of Privilege Vulnerability |
| CVE-2026-25178 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2026-25179 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2026-25180 | Windows Graphics Component Information Disclosure Vulnerability |
| CVE-2026-25181 | GDI+ Information Disclosure Vulnerability |
| CVE-2026-25185 | Windows Shell Link Processing Spoofing Vulnerability |
| CVE-2026-25186 | Windows Accessibility Infrastructure (ATBroker.exe) Information Disclosure Vulnerability |
| CVE-2026-25187 | Winlogon Elevation of Privilege Vulnerability |
| CVE-2026-25188 | Windows Telephony Service Elevation of Privilege Vulnerability |
| CVE-2026-25189 | Windows DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2026-25190 | GDI Remote Code Execution Vulnerability |
| CVE-2026-26105 | Microsoft SharePoint Server Spoofing Vulnerability |
| CVE-2026-26106 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2026-26107 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2026-26108 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2026-26109 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2026-26110 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2026-26111 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2026-26112 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2026-26113 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2026-26114 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2026-26115 | SQL Server Elevation of Privilege Vulnerability |
| CVE-2026-26116 | SQL Server Elevation of Privilege Vulnerability |
| CVE-2026-26117 | Arc Enabled Servers – Azure Connected Machine Agent Elevation of Privilege Vulnerability |
| CVE-2026-26118 | Azure MCP Server Tools Elevation of Privilege Vulnerability |
| CVE-2026-26121 | Azure IOT Explorer Spoofing Vulnerability |
| CVE-2026-26123 | Microsoft Authenticator Information Disclosure Vulnerability |
| CVE-2026-26127 | .NET Denial of Service Vulnerability |
| CVE-2026-26128 | Windows SMB Server Elevation of Privilege Vulnerability |
| CVE-2026-26130 | ASP.NET Core Denial of Service Vulnerability |
| CVE-2026-26131 | .NET Elevation of Privilege Vulnerability |
| CVE-2026-26132 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2026-26134 | Microsoft Office Elevation of Privilege Vulnerability |
| CVE-2026-26141 | Hybrid Worker Extension (Arc‑enabled Windows VMs) Elevation of Privilege Vulnerability |
| CVE-2026-26144 | Microsoft Excel Information Disclosure Vulnerability |
| CVE-2026-26148 | Microsoft Azure AD SSH Login extension for Linux Elevation of Privilege Vulnerability |
Security teams should apply all March 2026 patches as soon as possible, with immediate priority on CVE-2026-21262, the three Critical Office and Excel flaws, the Windows Kernel and SMB Server EoP vulnerabilities, and the SharePoint RCE bugs. All affected product lines require customer action as confirmed by Microsoft.
Other Patch Tuesday Updates:
- Fortinet Security Update – Patch for Multiple Vulnerabilities That Enable Malicious Command Execution.
- Zoom Workplace for Windows Vulnerabilities Allow Privilege Escalation.
- Ivanti Desktop and Server Management Vulnerability Allows Attackers to Escalate Privileges.
- SAP Security Update – Patch for Multiple Vulnerabilities that Enable Remote Code Execution.
- Fortinet FortiManager fgtupdates Vulnerability Allows Attackers to Execute Malicious Commands.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post Microsoft Patch Tuesday March 2026 – 78 Vulnerabilities Fixed, Including One 0-day appeared first on Cyber Security News.
Discover more from RSS Feeds Cloud
Subscribe to get the latest posts sent to your email.