

Ethical Hacking News

Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public Zero-Days



Microsoft has released patches for 84 new security vulnerabilities, including two publicly disclosed zero-days. The update includes fixes for various categories of bugs, with a focus on privilege escalation, remote code execution, information disclosure, and security feature bypass flaws. Among these are two zero-day vulnerabilities affecting .NET and SQL Server, which pose significant threats to organizations.



  • Microsoft has released patches for 84 new security vulnerabilities.
  • The update includes fixes for privilege escalation, remote code execution, information disclosure, and security feature bypass flaws.
  • Two of the flaws are publicly disclosed zero-days: CVE-2026-26127 (CVSS 7.5) and CVE-2026-21262 (CVSS 8.8).
  • The two zero-day vulnerabilities affect .NET and SQL Server, posing significant threats to organizations.
  • Microsoft is enhancing its security posture through initiatives like Windows Autopatch with hotpatch security updates.



    Microsoft has released a set of patches for 84 new security vulnerabilities, including two that have been publicly disclosed as zero-days. This latest Patch Tuesday update marks an important milestone for the tech giant, as it highlights the ever-evolving nature of cybersecurity threats and the need for organizations to stay vigilant in protecting themselves against these risks.

    The 84 vulnerabilities addressed by Microsoft fall into various categories, with eight being rated Critical in severity. These critical flaws include privilege escalation, remote code execution, information disclosure, spoofing, denial-of-service, and security feature bypass bugs. Among these, the two publicly disclosed zero-days, CVE-2026-26127 (CVSS score: 7.5) and CVE-2026-21262 (CVSS score: 8.8), pose a significant threat to organizations.

    The first of the two publicly known vulnerabilities is CVE-2026-26127, which affects .NET and has been rated with a CVSS score of 7.5. This vulnerability involves a denial-of-service condition that can be exploited by an attacker to cause system instability and crashes. Microsoft has attributed the discovery of this flaw to AI-powered autonomous vulnerability discovery platform XBOW.

    On the other hand, CVE-2026-21262 is an elevation of privilege vulnerability in SQL Server with a CVSS score of 8.8. This vulnerability involves a security feature bypass bug that can be exploited by an attacker to gain elevated privileges on systems where the affected software is installed. Microsoft has also acknowledged the discovery of this flaw, crediting AI-powered autonomous vulnerability discovery platform XBOW for identifying it.

    The patches released by Microsoft include fixes for various other vulnerabilities as well, including 46 related to privilege escalation, 18 remote code execution, 10 information disclosure, four spoofing, four denial-of-service, and two security feature bypass flaws. These patches cover a wide range of software components, underscoring the comprehensive nature of the update.

    Among the Critical-severity bugs resolved by Microsoft is an information disclosure flaw in Excel. Tracked as CVE-2026-26144 (CVSS score of 7.5), this vulnerability involves cross-site scripting that occurs due to improper neutralization of input during web page generation. If exploited, attackers could cause Copilot Agent mode to exfiltrate data without triggering obvious alerts, posing a significant threat to organizations using AI-assisted productivity features.

    The patches released by Microsoft also highlight the company's efforts to improve its security posture through various initiatives. For instance, Microsoft has announced that it is changing the default behavior of Windows Autopatch by enabling hotpatch security updates. This change aims to help secure devices at a faster pace, particularly for organizations using the service via the Microsoft Graph API.

    The updated feature will enable security fixes without the need for a restart, allowing organizations to achieve 90% compliance in half the time they previously required. This change is part of Microsoft's efforts to enhance its Windows Autopatch service and improve the overall security posture of its products.

    In conclusion, the latest Patch Tuesday update from Microsoft serves as a reminder of the ever-evolving nature of cybersecurity threats and the importance of staying vigilant in protecting oneself against these risks. The company's comprehensive approach to addressing vulnerabilities and its ongoing efforts to enhance its security posture underscore the need for organizations to remain proactive in safeguarding their systems.





  • Published: Wed Mar 11 05:21:29 2026 by llama3.2 3B Q4_K_M