Microsoft March 2026 Patch Tuesday Fixes Two Zero-Days and Dozens of Vulnerabilities

Tags: patch tuesday, zero-day, vulnerability, privilege escalation, microsoft, cvss, microsoft office, asp.net core, remote code execution, azure, windows, azure iot explorer

Updated March 11, 2026 at 08:00 PM · 7 sources

Microsoft’s March 2026 Patch Tuesday shipped fixes for 79 vulnerabilities, including two zero-day flaws. Public reporting and third-party patch reviews highlight a mix of Important and Critical issues across Microsoft’s ecosystem, including .NET (CVE-2026-26127 DoS; CVE-2026-26131 EoP), Active Directory Domain Services (CVE-2026-25177 EoP), ASP.NET Core (CVE-2026-26130 DoS), and multiple Azure components such as ACI Confidential Containers (CVE-2026-23651, CVE-2026-26124 EoP; CVE-2026-26122 information disclosure) and Azure IoT Explorer (CVE-2026-26121 spoofing; CVE-2026-23661/23662/23664 information disclosure).

Independent analysis (ZDI and SANS ISC) corroborated the breadth of affected products and provided additional scoring/metadata, including CVSS ratings and exploitability flags. ZDI’s review also called out additional Critical items in the release such as Microsoft Office RCE (CVE-2026-26110, CVE-2026-26113) and other high-impact vulnerabilities, while SANS ISC’s Patch Tuesday coverage additionally noted bundled Chromium-tracked fixes (multiple CVE-2026-3536 through CVE-2026-3544 entries) that commonly map to Microsoft’s browser/embedded Chromium components. Organizations should prioritize patching systems exposed to untrusted content or authentication boundaries (e.g., Office, AD DS, Azure agents/extensions) and validate deployment coverage across both Windows and cloud-connected workloads.

Related Entities

Vulnerabilities

- Use-After-Free Elevation of Privilege in Microsoft Brokering File System (CVE-2026-25167)
- Elevation of Privilege in Windows SMB Server (CVE-2026-26128)
- Use-After-Free Elevation of Privilege in Windows Kernel (CVE-2026-26132)
- Elevation of Privilege in Windows SMB Server (CVE-2026-24294)
- Use-After-Free in Windows Connected Devices Platform Service (Cdpsvc) Local Privilege Escalation (CVE-2026-24292)
- Active Directory Domain Services Elevation of Privilege Vulnerability (CVE-2026-25177)
- Windows Kernel Use-After-Free Local Privilege Escalation (CVE-2026-24289)
- Windows Graphics Component Race Condition Elevation of Privilege (CVE-2026-23668)
- Deserialization of Untrusted Data in Windows System Image Manager (CVE-2026-25166)
- Windows Kernel Elevation of Privilege via External Control of File Name or Path (CVE-2026-24287)
- Denial of Service in Microsoft Windows Graphics Component (CVE-2026-25168)
- Use-After-Free Elevation of Privilege in Windows Hyper-V (CVE-2026-25170)
- Divide-by-Zero DoS in Microsoft Windows Graphics Component (CVE-2026-25169)
- Elevation of Privilege in Windows Ancillary Function Driver for WinSock (CVE-2026-24293)
- Elevation of Privilege in Windows Multiple UNC Provider Kernel Driver (CVE-2026-24283)
- Windows Kerberos Security Feature Bypass Race Condition (CVE-2026-24297)
- Use-After-Free Elevation of Privilege in Windows DWM Core Library (CVE-2026-25189)
- Information Disclosure in Windows Graphics Component (CVE-2026-25180)
- Elevation of Privilege in Windows Ancillary Function Driver for WinSock (CVE-2026-25176)
- Elevation of Privilege in Windows Ancillary Function Driver for WinSock (CVE-2026-25179)
- Use-After-Free Elevation of Privilege in Windows Ancillary Function Driver for WinSock (CVE-2026-25178)
- Elevation of Privilege in Windows Projected File System (CVE-2026-24290)
- Out-of-bounds read in Windows Extensible File Allocation Table (CVE-2026-25174)
- Use-After-Free Elevation of Privilege in Windows Authentication Methods (CVE-2026-25171)
- Windows Telephony Service Heap-Based Buffer Overflow Privilege Escalation (CVE-2026-25188)
- Spoofing via Windows Shell Link Processing (CVE-2026-25185)
- Elevation of Privilege in Windows Device Association Service Race Condition (CVE-2026-24295)
- Elevation of Privilege in Windows NTFS Out-of-Bounds Read (CVE-2026-25175)
- Elevation of Privilege in Windows Device Association Service Race Condition (CVE-2026-24296)
- Integer Overflow RCE in Windows RRAS (CVE-2026-26111)
- Elevation of Privilege in Windows Accessibility Infrastructure (ATBroker.exe) (CVE-2026-24291)
- Elevation of Privilege in Windows ReFS Out-of-Bounds Read (CVE-2026-23673)
- Windows Print Spooler Use-After-Free Remote Code Execution (CVE-2026-23669)
- Windows Win32k Use-After-Free Elevation of Privilege (CVE-2026-24285)
- Integer Overflow RCE in Windows RRAS (CVE-2026-25173)
- Heap-based Buffer Overflow in Windows Mobile Broadband (CVE-2026-24288)
- Elevation of Privilege in Windows Bluetooth RFCOM Protocol Driver (CVE-2026-23671)
- RCE in Windows Routing and Remote Access Service (RRAS) Management Tool (CVE-2026-25172)
- Elevation of Privilege in Windows Performance Counters (CVE-2026-25165)
- Untrusted Search Path RCE in Windows GDI (CVE-2026-25190)
- Out-of-bounds Read in Windows GDI+ Bitmap Parsing (CVE-2026-25181)
- Winlogon Elevation of Privilege via Link Following (CVE-2026-25187)
- Information Disclosure in Windows Accessibility Infrastructure (ATBroker.exe) (CVE-2026-25186)
- Elevation of Privilege in Windows Universal Disk Format File System Driver (UDFS) (CVE-2026-23672)

Sources

2 more from sources like handlers diary full and rapid7 blog

Related Stories

Microsoft January Patch Tuesday Fixes 114 Vulnerabilities Including Three Zero-Days

Microsoft’s January Patch Tuesday security updates addressed **114 vulnerabilities**, including **three zero-days** reported as publicly known and/or exploited. Reported issues span multiple Windows and Microsoft product components, including **Desktop Window Manager (DWM)**, legacy modem drivers, and core OS services, with a mix of **information disclosure**, **elevation of privilege (EoP)**, **security feature bypass**, and **remote code execution (RCE)** flaws. Technical highlights called out include **CVE-2023-31096** (Windows Agere Soft Modem Driver EoP), **CVE-2026-20805** (DWM information disclosure), and a **Secure Boot certificate expiration** security feature bypass (**CVE-2026-21265**). The update set also includes multiple **Office/Excel/Word RCE** vulnerabilities (e.g., **CVE-2026-20952**, **CVE-2026-20953**, **CVE-2026-20955**, **CVE-2026-20957**, **CVE-2026-20944**), Windows privilege-escalation issues (e.g., **Windows Graphics Component** and **VBS Enclave** EoP), and cloud/agent components such as **Azure Connected Machine Agent** (**CVE-2026-21224**) and **Azure Core shared client library for Python** (**CVE-2026-21226**).

2 months ago

Microsoft Patch Tuesday Fixes Six Actively Exploited Zero-Days Including Windows Shell SmartScreen Bypass

Microsoft released its February Patch Tuesday security updates addressing **~58–59 vulnerabilities** across Windows and other products, including **six zero-day flaws confirmed as actively exploited in the wild** and **five Critical** issues. Reported vulnerability classes were led by **Elevation of Privilege (25)**, followed by **Remote Code Execution (12)** and **Security Feature Bypass (5)**, with additional fixes for spoofing, information disclosure, DoS, and XSS; Microsoft also noted additional *Edge* fixes shipped outside the prior Patch Tuesday cadence, including an Android spoofing issue (`CVE-2026-0391`). One of the actively exploited zero-days highlighted across reporting is `CVE-2026-21510`, a **Windows Shell security feature bypass** that can be abused to evade **Mark-of-the-Web/SmartScreen-style warnings** by using specially crafted files (e.g., shortcut/link formats) so that untrusted content can execute without expected prompts, making it well-suited to phishing and social-engineering delivery. Separate coverage also noted Microsoft’s rollout of **updated Secure Boot certificates** ahead of the June 2026 expiration of legacy 2011 certificates, a change with broad implications for Windows boot integrity and enterprise device management.

1 month ago

Microsoft February Patch Tuesday Fixes Six Zero-Day Vulnerabilities and Rolls Out New Secure Boot Certificates

Microsoft released its **February 2026 Patch Tuesday** security updates, addressing **54–58 vulnerabilities** across Windows and other Microsoft products, including **six zero-days** that were **publicly disclosed and/or actively exploited** prior to patch availability. Reported zero-days include `CVE-2026-21514` (Office Word security feature bypass), `CVE-2026-21513` (MSHTML security feature bypass), `CVE-2026-21510` (Windows Shell security feature bypass), `CVE-2026-21533` (Windows Remote Desktop Services elevation of privilege), `CVE-2026-21525` (Windows Remote Access Connection Manager DoS), and `CVE-2026-21519` (Desktop Window Manager elevation of privilege). The broader release spans common bug classes such as **RCE**, **EoP**, **information disclosure**, **spoofing**, **DoS**, and **security feature bypass**, with multiple **Critical** issues also called out, including Azure Compute Gallery flaws impacting *ACI Confidential Containers* (`CVE-2026-23655`, `CVE-2026-21522`). As part of the February Windows updates, Microsoft also began a **phased rollout of updated Secure Boot certificates** to replace the original **2011 certificates** ahead of their expiration in **late June 2026**, using “targeting data” and “successful update signals” to control deployment. Windows 11 cumulative updates (including **KB5077181** and **KB5075941**) were released as mandatory Patch Tuesday packages for supported Windows 11 versions, bundling the security fixes alongside additional reliability and feature changes. Separately, Adobe issued February security bulletins covering **44 CVEs** across multiple Creative Cloud products; those Adobe issues were not listed as publicly known or under active attack at release.

1 month ago
