Ethical Hacking News
In this month's Patch Tuesday, Microsoft has addressed 79 vulnerabilities, including two zero-days, in its Windows and Office applications. Users are advised to update their systems promptly to minimize potential threats.
Microsoft released 79 security updates on March 2026 Patch Tuesday, addressing a total of 79 vulnerabilities, including two zero-day flaws.The updates include fixes for Elevation of Privilege Vulnerabilities (46), Security Feature Bypass Vulnerabilities (2), Remote Code Execution Vulnerabilities (18), Information Disclosure Vulnerabilities (10), Denial of Service Vulnerables (4), and Spoofing Vulnerabilities (4).Two zero-days were addressed: CVE-2026-21262 - SQL Server Elevation of Privilege Vulnerability and CVE-2026-26127 - .NET Denial of Service Vulnerability.Other vendors, including Adobe, Cisco, Fortinet, Google, HPE, SAP, have also released security patches in March 2026.
Microsoft's March 2026 Patch Tuesday brings a multitude of security updates, addressing a total of 79 vulnerabilities, including two publicly disclosed zero-day flaws. These updates are crucial in enhancing the security posture of Windows users and mitigating potential threats to Microsoft Office applications.
According to reports from Lawrence Abrams, the owner and Editor-in-Chief of BleepingComputer.com, this month's Patch Tuesday fixes 2 zero-days, 79 flaws. The number of bugs in each vulnerability category is as follows: Elevation of Privilege Vulnerabilities (46), Security Feature Bypass Vulnerabilities (2), Remote Code Execution Vulnerabilities (18), Information Disclosure Vulnerabilities (10), Denial of Service Vulnerables (4), and Spoofing Vulnerabilities (4).
Among these updates, two zero-days were addressed. Microsoft classifies a zero-day flaw as publicly disclosed or actively exploited while no official fix is available. The two publicly disclosed zero-days are CVE-2026-21262 - SQL Server Elevation of Privilege Vulnerability and CVE-2026-26127 - .NET Denial of Service Vulnerability.
CVE-2026-21262 - SQL Server Elevation of Privilege Vulnerability grants SQLAdmin privileges, allowing an authorized attacker to elevate privileges over a network. Microsoft has patched this flaw, citing "Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network." The discovery of this flaw is credited to Erland Sommarskog.
CVE-2026-26127 - .NET Denial of Service Vulnerability is caused by "Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network." This flaw was attributed to an anonymous researcher, and Microsoft has also fixed two remote code execution bugs (CVE-2026-26110 and CVE-2026-26113) in Microsoft Office, which can be exploited via the preview pane.
One of the most critical vulnerabilities addressed by this month's Patch Tuesday is the Microsoft Excel information disclosure flaw, denoted as CVE-2026-26144. This vulnerability could be used to exfiltrate data via Microsoft Copilot and allows an attacker to potentially cause Copilot Agent mode to exfiltrate data via unintended network egress, enabling zero-click information disclosure attacks.
In addition to these updates, other vendors have released security patches in March 2026, including Adobe, Cisco, Fortinet, Google, HPE, SAP. These updates address a range of vulnerabilities and are crucial for enhancing the overall security posture of users' systems.
Among the vendors mentioned, Microsoft has addressed numerous vulnerabilities in various components of its ecosystem, including Windows, Office applications, Azure services, and devices. The comprehensive nature of these updates underscores Microsoft's commitment to delivering timely and effective security patches.
Furthermore, this month's Patch Tuesday highlights the importance of maintaining a robust cybersecurity posture. With 79 vulnerabilities addressed and two zero-days patched, users are reminded to prioritize updating their systems and applications regularly to minimize potential threats.
In conclusion, Microsoft March 2026 Patch Tuesday is a significant event in the realm of cybersecurity. The numerous updates delivered address various types of vulnerabilities, including zero-days, elevation-of-privilege flaws, denial-of-service issues, and information disclosure vulnerabilities. These updates underscore the importance of regular patching and highlight the need for users to stay vigilant in maintaining their systems' security.
In this month's Patch Tuesday, Microsoft has addressed 79 vulnerabilities, including two zero-days, in its Windows and Office applications. Users are advised to update their systems promptly to minimize potential threats.
Related Information:
https://www.ethicalhackingnews.com/articles/Microsoft-March-2026-Patch-Tuesday-Brings-Significant-Security-Updates-for-Windows-and-Office-Users-ehn.shtml
https://www.bleepingcomputer.com/news/microsoft/microsoft-march-2026-patch-tuesday-fixes-2-zero-days-79-flaws/
https://www.bleepingcomputer.com/news/microsoft/microsoft-february-2026-patch-tuesday-fixes-6-zero-days-58-flaws/
https://thehackernews.com/2026/02/microsoft-patches-59-vulnerabilities.html
https://nvd.nist.gov/vuln/detail/CVE-2026-21262
https://www.cvedetails.com/cve/CVE-2026-21262/
https://nvd.nist.gov/vuln/detail/CVE-2026-26127
https://www.cvedetails.com/cve/CVE-2026-26127/
https://nvd.nist.gov/vuln/detail/CVE-2026-26110
https://www.cvedetails.com/cve/CVE-2026-26110/
https://nvd.nist.gov/vuln/detail/CVE-2026-26113
https://www.cvedetails.com/cve/CVE-2026-26113/
https://nvd.nist.gov/vuln/detail/CVE-2026-26144
https://www.cvedetails.com/cve/CVE-2026-26144/
Published: Tue Mar 10 13:14:13 2026 by llama3.2 3B Q4_K_M
