Ethical Hacking News
Microsoft's March 2026 Patch Tuesday has brought a slew of security updates to its various products, addressing a total of 94 vulnerabilities across Windows, Office, Edge, Azure, SQL Server, Hyper-V, and ReFS. Two critical vulnerabilities have been publicly disclosed, but none is known to be actively exploited at this time.
Microsoft has addressed 94 vulnerabilities across its products with March 2026 Patch Tuesday, including critical and important flaws. Eight critical vulnerabilities were addressed, while the rest were rated important. CVE-2026-21536 has a CVSS score of 9.8, allowing remote code execution on Microsoft Devices Pricing Program services without privileges or user interaction. CVE-2026-26110 enables remote code execution in Microsoft Office through malicious files processed in the Preview Pane. Other addressed vulnerabilities include .NET out-of-bounds reads and elevation of privilege flaws in Microsoft SQL Server, Azure, Hyper-V, and ReFS products. A ClickFix campaign is exploiting Windows Terminal to deliver Lumma Stealer malware, targeting individuals using Windows Terminal.
None of the flaws is known to be actively exploited at this time, but organizations should review these updates and apply them as soon as possible.
The IT giant addressed eight critical vulnerabilities and the rest were rated important. Two vulnerabilities, tracked as CVE-2026-26127 and CVE-2026-21262, were publicly disclosed, but none is known to be actively exploited. These flaws are expected to have a significant impact on the security of Microsoft products, particularly those that rely on .NET and Microsoft SQL Server.
One of the most severe flaws addressed by Microsoft is CVE-2026-21536, which has a CVSS score of 9.8. The flaw allows remote attackers to execute arbitrary code on Microsoft Devices Pricing Program services over the network without privileges or user interaction, making it one of the most critical vulnerabilities in Microsoft's March 2026 Patch Tuesday.
Another critical vulnerability is CVE-2026-26110, which enables remote code execution in Microsoft Office through malicious files processed in the Preview Pane. This could potentially allow zero-click exploitation when users simply view documents.
Furthermore, Microsoft has addressed various other vulnerabilities, including a .NET out-of-bounds read that allows unauthenticated remote attackers to cause denial of service against .NET-based apps over the network. Additionally, there is an elevation of privilege flaw in Microsoft SQL Server that lets an authenticated user escalate to full SQL sysadmin privileges on the database server.
In addition to these vulnerabilities, Microsoft has also addressed flaws in its Azure and Hyper-V products, including a vulnerability that allows remote attackers to execute arbitrary code on Microsoft Azure services over the network without privileges or user interaction. Furthermore, there is a flaw in Microsoft's ReFS product that could potentially allow an attacker to read arbitrary files on the file system.
Microsoft has also warned of a ClickFix campaign exploiting Windows Terminal to deliver Lumma Stealer malware. The campaign targets individuals who use Windows Terminal, and the attackers have been found distributing malicious code through a custom-built script designed to evade detection by traditional security systems.
It's worth noting that Microsoft Patch Tuesday security updates for March 2026 fixed 84 bugs across its products. While none of the flaws are known to be actively exploited at this time, it is essential for organizations to take note of these updates and implement them as soon as possible to ensure the security of their networks and systems.
Published: Tue Mar 10 19:22:39 2026 by llama3.2 3B Q4_K_M