Microsoft Addresses 83 Security Vulnerabilities in March Update

Microsoft Addresses 83 Security Vulnerabilities in March Update

Posted on By CWS

Microsoft has rolled out updates addressing 83 security vulnerabilities in its March 2026 Patch Tuesday release. While none of these flaws have been identified as actively exploited, two have been publicly disclosed, according to the company’s advisories.

Publicly Disclosed Vulnerabilities

The disclosed vulnerabilities include CVE-2026-26127, a denial-of-service (DoS) issue in .NET, and CVE-2026-21262, an elevation of privilege flaw in SQL Server. Experts, including Tenable’s Satnam Narang, suggest these flaws are not easily exploitable. The DoS vulnerability requires prior authorization, and the privilege escalation bug is also considered low-risk.

Critical Vulnerabilities and Mitigations

The update addresses a critical-severity vulnerability, CVE-2026-21536, with a CVSS score of 9.8. This remote code execution flaw in the Devices Pricing Program has been mitigated by Microsoft, needing no further action from users. Another notable issue is CVE-2026-26118, an elevation of privilege defect in Azure MCP Server Tools, which could be exploited through malicious input.

Additional Patch Details

Narang also highlights potential concerns regarding privilege escalation issues in Windows components such as Graphics Component, Accessibility Infrastructure, Kernel, SMB Server, and Winlogon. Tyler Reguly from Fortra emphasizes the importance of secure asset management, particularly in cloud systems where five Azure vulnerabilities were patched, including an elevation of privilege in Azure Linux Virtual Machines and vulnerabilities in Azure IoT Explorer.

Alongside these, Microsoft has addressed 10 non-Microsoft CVEs, with fixes for Microsoft Semantic Kernel Python SDK and several in Microsoft Edge, which is Chromium-based.

Looking Ahead

Security experts advise Chief Security Officers (CSOs) to maintain comprehensive asset inventories to ensure timely patch deployment. As Microsoft continues to enhance its security measures, staying informed on these updates is crucial for IT teams. Concurrently, Adobe has released fixes for 80 vulnerabilities in its products, highlighting a continued industry-wide focus on cybersecurity.

Security Week News Tags:, , , , , , , , ,

Related Posts

Chinese Spies Lurked in Networks for 393 Days, Hunted for Zero-Day Intel Chinese Spies Lurked in Networks for 393 Days, Hunted for Zero-Day Intel Security Week News
750,000 Impacted by Data Breach at Canadian Investment Watchdog 750,000 Impacted by Data Breach at Canadian Investment Watchdog Security Week News
Vulnerabilities Exposed Phone Number of Any Google User Vulnerabilities Exposed Phone Number of Any Google User Security Week News
Depthfirst Raises Million for Vulnerability Management Depthfirst Raises $40 Million for Vulnerability Management Security Week News
CISA Warns of ScadaBR Vulnerability After Hacktivist ICS Attack CISA Warns of ScadaBR Vulnerability After Hacktivist ICS Attack Security Week News
Trend Micro Patches Critical Code Execution Flaw in Apex Central Trend Micro Patches Critical Code Execution Flaw in Apex Central Security Week News