Microsoft Patch Tuesday March 2026

11 Mar 2026

The March edition of the Patch Tuesday update addresses 79+ flaws, out of which 3 are critical, and 2 are zero-day vulnerabilities.

 

The following vulnerabilities were addressed through the update that threat actors exploited to orchestrate attacks:

Number 

Type of 
vulnerabilities 

46 

Privilege elevation 

2 

Security feature 
bypass 

18 

Remote code 
execution 

10 

Information  
disclosure 

4 

Denial of service 

4 

Spoofing 

 

2 zero day vulnerabilities addressed

CVE-2026-21262 – SQL Server Elevation of Privilege Vulnerability – CVSS-8.8

This vulnerability was a publicly disclosed zero-day flaw that granted SQLadmin-level privileges to attackers in 2016 and later editions of SQL Server 2016. Attackers could exploit the flaw to:

 

  • Gain unauthorized access to the system – attackers can use the vulnerability to gain unauthorized access to the system by escalating privileges.
  • Manipulate data – attackers can use the privileged access to databases to modify or delete sensitive data.
  • Gain system control – by exploiting the vulnerability, attackers can gain control over SQL Server and execute arbitrary commands to orchestrate their attack.
  • Disrupt services – a full-blown denial of service attack could be carried out, highly impacting the availability of applications that rely on SQL Server.

 

CVE-2026-26127 – .NET Denial of Service Vulnerability – CVSS 7.5

The addressed vulnerability is another publicly disclosed zero-day flaw that attackers are exploiting to disrupt services over the network.

 

Attackers could leverage the flaw to:

 

  • Disrupt services – attackers can make applications unresponsive, which could cause significant downtime of critical services and have a high impact on operations.
  • Gain unauthorized access – this flaw can also be exploited alongside other flaws to gain unauthorized access.
  • Cause total service outage, by exploiting the flaw, attackers can cause total outage of services that could impact an organization’s reputation through loss of customer trust.
  • Drain resources – attackers can use the flaw to cause excessive consumption of system resources, leading to high operational costs and high investment towards resources to mitigate the impact.

 

Other flaws addressed

Microsoft has also addressed flaws (CVE-2026-26110 and CVE-2026-26113) in Microsoft Office that allowed attackers to remotely execute malicious codes via the preview pane. One information disclosure flaw (CVE-2026-26144) in Microsoft Excel, which was exploited by attackers to exfiltrate data and carry out a zero-click attack via Copilot, was also addressed via this update.

 

Secure Boot Certificates expire in June 2026

Protections for Secure Boot and Boot Manager will be disabled, and vulnerability fixes for BitLocker bypass will not be applied if the certificates nearing expiry are not replaced with the updated certificates.

 

While no action will be required by most users as Microsoft has delivered updated certificates via its update channels, some may need an OEM firmware update.

All the vulnerabilities addressed

The following is a complete list of vulnerabilities addressed in the March 2026 Patch Tuesday update:

Component 

CVE ID 

CVE Title 

Severity 

.NET 

CVE-2026-26131 

.NET Elevation of Privilege Vulnerability 

Important 

.NET 

CVE-2026-26127 

.NET Denial of Service Vulnerability 

Important 

Active Directory Domain Services 

CVE-2026-25177 

Active Directory Domain Services Elevation of Privilege Vulnerability 

Important 

ASP.NET Core 

CVE-2026-26130 

ASP.NET Core Denial of Service Vulnerability 

Important 

Azure Arc 

CVE-2026-26141 

Hybrid Worker Extension (Arc-enabled Windows VMs) Elevation of Privilege Vulnerability 

Important 

Azure Compute Gallery 

CVE-2026-23651 

Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability 

Critical 

Azure Compute Gallery 

CVE-2026-26124 

Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability 

Critical 

Azure Compute Gallery 

CVE-2026-26122 

Microsoft ACI Confidential Containers Information Disclosure Vulnerability 

Critical 

Azure Entra ID 

CVE-2026-26148 

Microsoft Azure AD SSH Login extension for Linux Elevation of Privilege Vulnerability 

Important 

Azure IoT Explorer 

CVE-2026-26121 

Azure IOT Explorer Spoofing Vulnerability 

Important 

Azure IoT Explorer 

CVE-2026-23662 

Azure IoT Explorer Information Disclosure Vulnerability 

Important 

Azure IoT Explorer 

CVE-2026-23661 

Azure IoT Explorer Information Disclosure Vulnerability 

Important 

Azure IoT Explorer 

CVE-2026-23664 

Azure IoT Explorer Information Disclosure Vulnerability 

Important 

Azure Linux Virtual Machines 

CVE-2026-23665 

Linux Azure Diagnostic extension (LAD) Elevation of Privilege Vulnerability 

Important 

Azure MCP Server 

CVE-2026-26118 

Azure MCP Server Tools Elevation of Privilege Vulnerability 

Important 

Azure Portal Windows Admin Center 

CVE-2026-23660 

Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability 

Important 

Azure Windows Virtual Machine Agent 

CVE-2026-26117 

Arc Enabled Servers – Azure Connected Machine Agent Elevation of Privilege Vulnerability 

Important 

Broadcast DVR 

CVE-2026-23667 

Broadcast DVR Elevation of Privilege Vulnerability 

Important 

Connected Devices Platform Service (Cdpsvc) 

CVE-2026-24292 

Windows Connected Devices Platform Service Elevation of Privilege Vulnerability 

Important 

GitHub Repo: zero-shot-scfoundation 

CVE-2026-23654 

GitHub: Zero Shot SCFoundation Remote Code Execution Vulnerability 

Important 

Microsoft Authenticator 

CVE-2026-26123 

Microsoft Authenticator Information Disclosure Vulnerability 

Important 

Microsoft Brokering File System 

CVE-2026-25167 

Microsoft Brokering File System Elevation of Privilege Vulnerability 

Important 

Microsoft Devices Pricing Program 

CVE-2026-21536 

Microsoft Devices Pricing Program Remote Code Execution Vulnerability 

Critical 

Microsoft Edge (Chromium-based) 

CVE-2026-3544 

Chromium: CVE-2026-3544 Heap buffer overflow in WebCodecs 

Unknown 

Microsoft Edge (Chromium-based) 

CVE-2026-3540 

Chromium: CVE-2026-3540 Inappropriate implementation in WebAudio 

Unknown 

Microsoft Edge (Chromium-based) 

CVE-2026-3536 

Chromium: CVE-2026-3536 Integer overflow in ANGLE 

Unknown 

Microsoft Edge (Chromium-based) 

CVE-2026-3538 

Chromium: CVE-2026-3538 Integer overflow in Skia 

Unknown 

Microsoft Edge (Chromium-based) 

CVE-2026-3545 

Chromium: CVE-2026-3545 Insufficient data validation in Navigation 

Unknown 

Microsoft Edge (Chromium-based) 

CVE-2026-3541 

Chromium: CVE-2026-3541 Inappropriate implementation in CSS 

Unknown 

Microsoft Edge (Chromium-based) 

CVE-2026-3543 

Chromium: CVE-2026-3543 Inappropriate implementation in V8 

Unknown 

Microsoft Edge (Chromium-based) 

CVE-2026-3539 

Chromium: CVE-2026-3539 Object lifecycle issue in DevTools 

Unknown 

Microsoft Edge (Chromium-based) 

CVE-2026-3542 

Chromium: CVE-2026-3542 Inappropriate implementation in WebAssembly 

Unknown 

Microsoft Graphics Component 

CVE-2026-25169 

Windows Graphics Component Denial of Service Vulnerability 

Important 

Microsoft Graphics Component 

CVE-2026-25180 

Windows Graphics Component Information Disclosure Vulnerability 

Important 

Microsoft Graphics Component 

CVE-2026-25168 

Windows Graphics Component Denial of Service Vulnerability 

Important 

Microsoft Graphics Component 

CVE-2026-23668 

Windows Graphics Component Elevation of Privilege Vulnerability 

Important 

Microsoft Office 

CVE-2026-26110 

Microsoft Office Remote Code Execution Vulnerability 

Critical 

Microsoft Office 

CVE-2026-26113 

Microsoft Office Remote Code Execution Vulnerability 

Critical 

Microsoft Office 

CVE-2026-26134 

Microsoft Office Elevation of Privilege Vulnerability 

Important 

Microsoft Office Excel 

CVE-2026-26144 

Microsoft Excel Information Disclosure Vulnerability 

Critical 

Microsoft Office Excel 

CVE-2026-26109 

Microsoft Excel Remote Code Execution Vulnerability 

Important 

Microsoft Office Excel 

CVE-2026-26108 

Microsoft Excel Remote Code Execution Vulnerability 

Important 

Microsoft Office Excel 

CVE-2026-26107 

Microsoft Excel Remote Code Execution Vulnerability 

Important 

Microsoft Office Excel 

CVE-2026-26112 

Microsoft Excel Remote Code Execution Vulnerability 

Important 

Microsoft Office SharePoint 

CVE-2026-26105 

Microsoft SharePoint Server Spoofing Vulnerability 

Important 

Microsoft Office SharePoint 

CVE-2026-26114 

Microsoft SharePoint Server Remote Code Execution Vulnerability 

Important 

Microsoft Office SharePoint 

CVE-2026-26106 

Microsoft SharePoint Server Remote Code Execution Vulnerability 

Important 

Microsoft Semantic Kernel Python SDK 

CVE-2026-26030 

GitHub: CVE-2026-26030 Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable 

Important 

Payment Orchestrator Service 

CVE-2026-26125 

Payment Orchestrator Service Elevation of Privilege Vulnerability 

Critical 

Push Message Routing Service 

CVE-2026-24282 

Push message Routing Service Elevation of Privilege Vulnerability 

Important 

Role: Windows Hyper-V 

CVE-2026-25170 

Windows Hyper-V Elevation of Privilege Vulnerability 

Important 

SQL Server 

CVE-2026-21262 

SQL Server Elevation of Privilege Vulnerability 

Important 

SQL Server 

CVE-2026-26116 

SQL Server Elevation of Privilege Vulnerability 

Important 

SQL Server 

CVE-2026-26115 

SQL Server Elevation of Privilege Vulnerability 

Important 

System Center Operations Manager 

CVE-2026-20967 

System Center Operations Manager (SCOM) Elevation of Privilege Vulnerability 

Important 

Windows Accessibility Infrastructure (ATBroker.exe) 

CVE-2026-25186 

Windows Accessibility Infrastructure (ATBroker.exe) Information Disclosure Vulnerability 

Important 

Windows Accessibility Infrastructure (ATBroker.exe) 

CVE-2026-24291 

Windows Accessibility Infrastructure (ATBroker.exe) Elevation of Privilege Vulnerability 

Important 

Windows Ancillary Function Driver for WinSock 

CVE-2026-25179 

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability 

Important 

Windows Ancillary Function Driver for WinSock 

CVE-2026-24293 

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability 

Important 

Windows Ancillary Function Driver for WinSock 

CVE-2026-25176 

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability 

Important 

Windows Ancillary Function Driver for WinSock 

CVE-2026-25178 

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability 

Important 

Windows App Installer 

CVE-2026-23656 

Windows App Installer Spoofing Vulnerability 

Important 

Windows Authentication Methods 

CVE-2026-25171 

Windows Authentication Elevation of Privilege Vulnerability 

Important 

Windows Bluetooth RFCOM Protocol Driver 

CVE-2026-23671 

Windows Bluetooth RFCOM Protocol Driver Elevation of Privilege Vulnerability 

Important 

Windows Device Association Service 

CVE-2026-24296 

Windows Device Association Service Elevation of Privilege Vulnerability 

Important 

Windows Device Association Service 

CVE-2026-24295 

Windows Device Association Service Elevation of Privilege Vulnerability 

Important 

Windows DWM Core Library 

CVE-2026-25189 

Windows DWM Core Library Elevation of Privilege Vulnerability 

Important 

Windows Extensible File Allocation 

CVE-2026-25174 

Windows Extensible File Allocation Table Elevation of Privilege Vulnerability 

Important 

Windows File Server 

CVE-2026-24283 

Multiple UNC Provider Kernel Driver Elevation of Privilege Vulnerability 

Important 

Windows GDI 

CVE-2026-25190 

GDI Remote Code Execution Vulnerability 

Important 

Windows GDI+ 

CVE-2026-25181 

GDI+ Information Disclosure Vulnerability 

Important 

Windows Kerberos 

CVE-2026-24297 

Windows Kerberos Security Feature Bypass Vulnerability 

Important 

Windows Kernel 

CVE-2026-26132 

Windows Kernel Elevation of Privilege Vulnerability 

Important 

Windows Kernel 

CVE-2026-24289 

Windows Kernel Elevation of Privilege Vulnerability 

Important 

Windows Kernel 

CVE-2026-24287 

Windows Kernel Elevation of Privilege Vulnerability 

Important 

Windows MapUrlToZone 

CVE-2026-23674 

MapUrlToZone Security Feature Bypass Vulnerability 

Important 

Windows Mobile Broadband 

CVE-2026-24288 

Windows Mobile Broadband Driver Remote Code Execution Vulnerability 

Important 

Windows NTFS 

CVE-2026-25175 

Windows NTFS Elevation of Privilege Vulnerability 

Important 

Windows Performance Counters 

CVE-2026-25165 

Performance Counters for Windows Elevation of Privilege Vulnerability 

Important 

Windows Print Spooler Components 

CVE-2026-23669 

Windows Print Spooler Remote Code Execution Vulnerability 

Important 

Windows Projected File System 

CVE-2026-24290 

Windows Projected File System Elevation of Privilege Vulnerability 

Important 

Windows Resilient File System (ReFS) 

CVE-2026-23673 

Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability 

Important 

Windows Routing and Remote Access Service (RRAS) 

CVE-2026-26111 

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 

Important 

Windows Routing and Remote Access Service (RRAS) 

CVE-2026-25173 

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 

Important 

Windows Routing and Remote Access Service (RRAS) 

CVE-2026-25172 

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 

Important 

Windows Shell Link Processing 

CVE-2026-25185 

Windows Shell Link Processing Spoofing Vulnerability 

Important 

Windows SMB Server 

CVE-2026-26128 

Windows SMB Server Elevation of Privilege Vulnerability 

Important 

Windows SMB Server 

CVE-2026-24294 

Windows SMB Server Elevation of Privilege Vulnerability 

Important 

Windows System Image Manager 

CVE-2026-25166 

Windows System Image Manager Assessment and Deployment Kit (ADK) Remote Code Execution Vulnerability 

Important 

Windows Telephony Service 

CVE-2026-25188 

Windows Telephony Service Elevation of Privilege Vulnerability 

Important 

Windows Universal Disk Format File System Driver (UDFS) 

CVE-2026-23672 

Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability 

Important 

Windows Win32K 

CVE-2026-24285 

Win32k Elevation of Privilege Vulnerability 

Important 

Winlogon 

CVE-2026-25187 

Winlogon Elevation of Privilege Vulnerability 

Important 

SharkStriker’s recommendations

The following are some of the security recommendations:

 

  • Immediately apply the March Patch Tuesday update to all the applicable Microsoft products.
  • Prioritize patching the zero-day flaws in SQL Server and .NET, the critical RCE flaws in Microsoft Office, Excel, EoP flaws in Windows Kernel, and RCE flaws in SharePoint.
  • Enable Multi-Factor Authentication (MFA) for administrative accounts and cloud services.
  • Until the patches are applied for the flaws CVE-2026-26110 & CVE-2026-26113, disable the preview pane feature in Office.
  • Verify whether all the near-expiry Secure Boot Certificates are updated for all the devices.
  • Restrict network exposure for critical services such as SQL Server and Windows remote services.
  • Monitor for indicators of exploitation including privilege escalation attempts, abnormal Office activity, and suspicious authentication logs.

Get in Touch With us

We have explored what risk tolerance and risk appetite are and how important they are together in helping businesses align cybersecurity with their business goals. It can help CISOs, and C-suite make informed investment decisions for cybersecurity.

LEARN MORE