By rssfeeds-admin 
The update also addresses two publicly disclosed zero‑day vulnerabilities that could potentially expose enterprise environments to privilege escalation or service disruption if left unpatched.
Security teams are strongly advised to deploy the updates quickly because attackers often weaponize newly disclosed vulnerabilities shortly after patches are released.
March 2026 Patch Tuesday Overview
According to Microsoft’s security advisory, the March release fixes a total of 79 vulnerabilities across the Microsoft ecosystem.
The vulnerabilities are categorized as follows:
- 3 Critical vulnerabilities
- 76 Important or Low severity issues
- 46 Elevation of Privilege vulnerabilities
- 18 Remote Code Execution vulnerabilities
- Multiple Information Disclosure, Spoofing, Tampering, and Denial‑of‑Service flaws
Elevation of privilege issues represents the largest category. These flaws allow attackers with limited access to gain higher permissions within a system, potentially leading to full administrative control.
Remote code execution (RCE) vulnerabilities are also particularly dangerous because attackers can exploit them to execute malicious code remotely, often without user interaction.
Microsoft also addressed two zero‑day vulnerabilities that had been publicly disclosed before the release of official patches.
Although Microsoft reports no evidence of active exploitation, public disclosure increases the likelihood that threat actors may attempt to develop exploits.
The two notable zero-day vulnerabilities include:
- CVE-2026-21262 – SQL Server Elevation of Privilege Vulnerability
Attackers with authorized network access could escalate privileges to administrative levels on affected SQL Server environments. - .NET Framework Denial-of-Service Vulnerability
This flaw allows attackers to trigger service disruptions by causing .NET applications to crash or become unavailable, potentially affecting business operations.
Organizations running SQL Server databases or .NET applications should prioritize patch deployment to reduce the risk of service outages or privilege escalation attacks.
Patched Vulnerabilities
| CVE ID | Vulnerability Name | Type | Severity |
|---|
| CVE ID | Vulnerability Name | Type | Severity |
|---|---|---|---|
| CVE-2024-29059 | .NET Framework Information Disclosure Vulnerability | Information Disclosure | Important |
| CVE-2024-29057 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | Spoofing | Low |
| CVE-2024-28916 | Xbox Gaming Services Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2024-26247 | Microsoft Edge Security Feature Bypass Vulnerability | Security Feature Bypass | Low |
| CVE-2024-26246 | Microsoft Edge Security Feature Bypass Vulnerability | Security Feature Bypass | Low |
| CVE-2024-26204 | Outlook for Android Information Disclosure Vulnerability | Information Disclosure | Important |
| CVE-2024-26203 | Azure Data Studio Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2024-26201 | Microsoft Intune Linux Agent Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2024-26199 | Microsoft Office Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2024-26198 | Microsoft Exchange Server Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2024-26197 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Denial of Service | Important |
| CVE-2024-26196 | Microsoft Edge for Android Information Disclosure Vulnerability | Information Disclosure | Low |
| CVE-2024-26192 | Microsoft Edge Information Disclosure Vulnerability | Information Disclosure | Important |
| CVE-2024-26190 | Microsoft QUIC Denial of Service Vulnerability | Denial of Service | Important |
| CVE-2024-26188 | Microsoft Edge Spoofing Vulnerability | Spoofing | Low |
| CVE-2024-26185 | Windows Compressed Folder Tampering Vulnerability | Tampering | Important |
| CVE-2024-26182 | Windows Kernel Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2024-26181 | Windows Kernel Denial of Service Vulnerability | Denial of Service | Important |
| CVE-2024-26178 | Windows Kernel Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2024-26177 | Windows Kernel Information Disclosure Vulnerability | Information Disclosure | Important |
| CVE-2024-26176 | Windows Kernel Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2024-26174 | Windows Kernel Information Disclosure Vulnerability | Information Disclosure | Important |
| CVE-2024-26173 | Windows Kernel Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2024-26170 | Windows Composite Image File System Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2024-26169 | Windows Error Reporting Service Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2024-26167 | Microsoft Edge for Android Spoofing Vulnerability | Spoofing | Low |
| CVE-2024-26166 | Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2024-26165 | Visual Studio Code Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2024-26164 | Microsoft Django Backend for SQL Server Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2024-26163 | Microsoft Edge Security Feature Bypass Vulnerability | Security Feature Bypass | Low |
Security teams should take the following steps to reduce exposure:
- Deploy the March 2026 Patch Tuesday updates immediately across Windows servers, workstations, and Microsoft applications.
- Prioritize internet‑facing systems and critical infrastructure such as SQL Server and Exchange.
- Test patches in a staging or QA environment before enterprise‑wide deployment.
- Monitor SQL Server and .NET services for unusual access attempts or abnormal traffic patterns.
- Review Microsoft Office security settings, as some vulnerabilities can be triggered through the preview pane.
Applying these updates promptly is critical because unpatched systems often become targets for ransomware groups and opportunistic attackers scanning the internet for vulnerable infrastructure.
Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google.
The post Microsoft Patch Tuesday March 2026 Fixes 79 Vulnerabilities, Including Two Zero-Days appeared first on Cyber Security News.
Discover more from RSS Feeds Cloud
Subscribe to get the latest posts sent to your email.