After last month's huge security replace, Microsoft's Patch Tuesday push for March seems moderately light, withtwo publicly disclosed zero-day flaws among the 83 vulnerabilities fixed in complete.
The breakdown of security flaws is as follows, in step with BleepingComputer: 46 elevation-of-privilege vulnerabilities, two security feature bypass vulnerabilities, 18 faraway-code-execution vulnerabilities, 10 knowledge disclosure vulnerabilities, four denial of provider vulnerabilities, and 4 spoofing vulnerabilities. Two of the faraway code execution vulnerabilities and one of the most guidelines disclosure vulnerabilities are labeled “fundamental.”
Patch Tuesday is frequently pushed at 10 am PT on the 2d Tuesday of every month.
Two publicly disclosed zero-days for this Patch Tuesday
Zero-day vulnerabilities are flaws which had been either actively exploited or publicly disclosed sooner than an legit fix is made on hand by the developer. This month, every of the zero days being patched had been publicly disclosed, however Microsoft hasn't indicated that either has been actively exploited by attackers.
The major, labeled CVE-2026-21262, is an elevation of privilege vulnerability in the SQL Server that grants SQLAdmin privileges to a licensed attacker over a community. Erland Sommarskog has been credited with discovery. The 2d zero-day, labeled CVE-2026-26127, is a .NET denial of provider vulnerability that has been attributed to an anonymous researcher.
The March replace also includes two patches for faraway code execution vulnerabilities in Microsoft Space of labor and a handful of fixes for flaws in Microsoft Excel, so customers might composed make certain these applications are up to this level as successfully.
