Skip to main content
List Directory
  • News
  • World
  • Business
  • Entertainment
  • Sports
  • Tech and Science
  • Health
Menu
  • News
  • World
  • Business
  • Entertainment
  • Sports
  • Tech and Science
  • Health
March 2026 Patch Tuesday: Microsoft Fixes 77 Vulnerabilities – Windows, Office & More

March 2026 Patch Tuesday: Microsoft Fixes 77 Vulnerabilities – Windows, Office & More

March 26, 2026 Sarah Wu - Tech Editor Tech and Science

Microsoft’s March 2026 Patch Tuesday addressed a total of 78 vulnerabilities across a broad range of products, including Windows, Microsoft Office, Azure, SQL Server, and .NET. While this month’s release doesn’t feature the immediate urgency of a “zero-day” exploit – February saw five such critical fixes – several patches warrant prompt attention, particularly for organizations heavily reliant on Windows systems. The updates, released on March 10, 2026, represent a routine but essential effort to bolster security against evolving threats.

Image: Shutterstock, @nwz.

Privilege Escalation and SQL Server Vulnerabilities

Two vulnerabilities disclosed publicly before the patch release demand particular scrutiny. CVE-2026-21262 affects SQL Server 2016 and later versions, allowing an attacker to elevate their privileges to system administrator level over a network. According to Rapid7’s Adam Barnett, the vulnerability’s CVSS v3 base score of 8.8, while just below “critical,” doesn’t diminish the risk. “It would be a courageous defender who shrugged and deferred the patches for this one,” Barnett stated. This highlights the potential for significant compromise if left unaddressed. The Microsoft Security Response Center (MSRC) provides detailed information on this advisory here.

The second publicly known flaw, CVE-2026-26127, impacts applications built on the .NET framework. While the immediate impact is likely limited to denial-of-service attacks – causing applications to crash – the potential for further exploitation during a service reboot exists. This vulnerability underscores the importance of promptly applying updates to maintain application stability and prevent potential security breaches.

Office Exploits and Preview Pane Risks

Microsoft Office remains a frequent target for attackers, and this Patch Tuesday is no exception. CVE-2026-26113 and CVE-2026-26110 are both remote code execution vulnerabilities that can be triggered simply by viewing a malicious message in the Preview Pane within Office applications. In other words a user doesn’t even need to open the message to be compromised, making it a particularly dangerous attack vector. This emphasizes the need for caution when handling emails from unknown or untrusted sources.

A Majority of Patches Address Privilege Escalation

Tenable’s Satnam Narang observed that a significant portion – 55% – of the vulnerabilities addressed in this Patch Tuesday relate to privilege escalation. Six of these were flagged as having a higher likelihood of exploitation, affecting core Windows components like the Graphics Component, Accessibility Infrastructure, Kernel, SMB Server, and Winlogon. These vulnerabilities, including CVE-2026-24291 (incorrect permissions in Windows Accessibility Infrastructure), CVE-2026-24294 (authentication issues in SMB), CVE-2026-24289 (memory corruption and race condition), and CVE-2026-25187 (Winlogon weakness discovered by Google Project Zero), represent substantial risks to system security. Details on these vulnerabilities can be found on the MSRC website.

AI-Driven Vulnerability Discovery

A noteworthy aspect of this Patch Tuesday is the identification of CVE-2026-21536, a critical remote code execution bug in the Microsoft Devices Pricing Program. This vulnerability was discovered by XBOW, a fully autonomous AI penetration testing agent. While Microsoft has already mitigated the issue on its finish, requiring no action from Windows users, it marks a significant milestone in the field of cybersecurity. According to Ben McCarthy, lead cyber security engineer at Immersive, this demonstrates the potential of AI to identify complex vulnerabilities without access to source code. XBOW has consistently ranked highly on the Hacker One bug bounty leaderboard, further validating its effectiveness. This development suggests that AI-assisted vulnerability research will develop into increasingly prevalent in the future.

Beyond Windows: Adobe and Firefox Updates

The security update landscape extends beyond Microsoft’s ecosystem. Adobe released updates to address 80 vulnerabilities, some of which are critical, in products like Acrobat and Adobe Commerce. Mozilla Firefox also issued a security update, version 148.0.2, resolving three high-severity CVEs. These updates highlight the importance of maintaining security across all software applications, not just the operating system. More information on Adobe’s security updates can be found here.

Windows Secure Boot Certificate Expiration – A Looming Concern

Alongside the immediate fixes of Patch Tuesday, Microsoft is also drawing attention to a longer-term security concern: the upcoming expiration of Secure Boot certificates. Starting in June 2026, these certificates – crucial for ensuring devices boot securely – will begin to expire. Devices that aren’t updated in time may be unable to boot securely, potentially leaving them vulnerable to malware and other attacks. Microsoft recommends reviewing guidance and taking action to update certificates in advance. Further details and preparation steps are available in KB5079473.

Staying Informed and Managing Updates

For a comprehensive overview of all the patches released this month, the SANS Internet Storm Center provides a detailed Patch Tuesday post. Administrators seeking ongoing information about problematic updates can consult AskWoody.com. Regularly applying security updates remains a cornerstone of a robust cybersecurity posture, and staying informed about the latest vulnerabilities and patches is crucial for protecting systems and data.

Recent Posts

  • Madison Keys vs. Hanne Vandewinkel Live: French Open 2026 TV Schedule and Streaming Guide
  • Our Strict Quality Control Process for Returned Clothing
  • German Business Sentiment Shows Slight Recovery in May According to Ifo Index
  • The 2-week supplement to avoid travel tummy trouble – plus blood clots worries – The Irish Sun
  • Ukraine Achieves Major Battlefield Successes as Russian Casualties Mount

Recent Comments

No comments to show.
List Directory

List-Directory is a comprehensive directory of businesses and services across the United States. Find what you need, when you need it.

Quick Links

  • Home
  • Privacy Policy
  • Terms of Service

Browse by State

  • Alabama
  • Alaska
  • Arizona
  • Arkansas
  • California
  • Colorado

Connect With Us

Official social links will appear here when available.

List-directory.com
For contact, advertising, copyright, issues email: [email protected]

Privacy Policy Terms of Service