Skip to main content
Mallory
Mallory

Microsoft March Patch Tuesday Ships 83 Fixes and Windows 11 Cumulative Updates

windows 11patch tuesdaymicrosoft
Updated March 13, 2026 at 04:00 AM17 sources
Microsoft March Patch Tuesday Ships 83 Fixes and Windows 11 Cumulative Updates

Get Ahead of Threats Like This

Know if you're exposed — before adversaries strike.

Microsoft’s March Patch Tuesday security release shipped fixes for 83 vulnerabilities across its enterprise software and services, and was notable for having no actively exploited zero-days for the first time in six months. Microsoft flagged six vulnerabilities as “more likely to be exploited,” and noted two issues—CVE-2026-21262 and CVE-2026-26127—were publicly known at release. Researchers highlighted an Excel information-disclosure issue, CVE-2026-26144, describing a scenario where an attacker could potentially induce a Copilot Agent to exfiltrate data in a zero-click style workflow, and also pointed to Office flaws CVE-2026-26110 and CVE-2026-26113 (CVSS 8.4) that could enable arbitrary code execution via the Office preview pane.

Microsoft also released mandatory Windows 11 cumulative updates KB5079473 (25H2/24H2) and KB5078883 (23H2) that incorporate the March 2026 Patch Tuesday security fixes, along with additional non-security changes. The updates advance build numbers to 26200.8037/26100.8037 (25H2/24H2) and 22631.6783 (23H2), expand “high-confidence device targeting” to increase coverage for automatic delivery of new Secure Boot certificates, and include reliability improvements such as better File Explorer search across drives and changes to Windows Defender Application Control (WDAC) behavior for COM objects (policy listing support).

Related Entities

Vulnerabilities

Remote Code Execution in Microsoft Devices Pricing Program (CVE-2026-21536)Elevation of Privilege in Windows Ancillary Function Driver for WinSock (CVE-2026-25176)Use-After-Free Elevation of Privilege in Windows Kernel (CVE-2026-26132)Microsoft Office Preview Pane RCE via Untrusted Pointer Dereference (CVE-2026-26113)Elevation of Privilege in Windows Accessibility Infrastructure (ATBroker.exe) (CVE-2026-24291)Windows Kernel NDIS Driver Use-After-Free Local Privilege Escalation (CVE-2026-24289)Windows Graphics Component Race Condition Elevation of Privilege (CVE-2026-23668)Windows Kernel Elevation of Privilege via External Control of File Name or Path (CVE-2026-24287)RCE in Microsoft Office Preview Pane (CVE-2026-26110) (CVE-2026-26110).NET Out-of-Bounds Read Denial of Service (CVE-2026-26127)Elevation of Privilege in Windows SMB Server (CVE-2026-24294)Winlogon Elevation of Privilege via Link Following (CVE-2026-25187)Microsoft Excel Copilot Agent Information Disclosure XSS (CVE-2026-26144)Improper Authentication Elevation of Privilege in Azure Arc (CVE-2026-26141)SQL Server Privilege Escalation to sysadmin (CVE-2026-21262)Local Code Execution in Microsoft Office Excel (CVE-2026-26109)Untrusted Search Path RCE in Windows GDI (CVE-2026-25190)Out-of-bounds Read in Windows GDI+ Bitmap Parsing (CVE-2026-25181)SQL Server Elevation of Privilege Vulnerability (CVE-2026-26115)RCE in Microsoft SharePoint Server (CVE-2026-26106)Remote Code Execution in Microsoft SharePoint Server (CVE-2026-26114)

Organizations

Microsoft CorporationPCWorldBleepingComputerKrebsOnSecurityTenableSecurityWeekAdobe

Affected Products

Windows 11Microsoft OfficeWindows ServerMicrosoft Edge (Chromium-Based)Office 2016Windows KernelOffice 2019Payment Orchestrator ServiceWindows Ancillary Function Driver For WinsockMicrosoft 365 CopilotAzure Iot ExplorerMicrosoft Aci Confidential ContainersWindows Graphics ComponentWindows Smb ServerSharepoint Server 2019

Sources

scworld
Dozens of Microsoft flaws patched in latest Patch Tuesday | brief | SC Media
March 11, 2026 at 11:38 PM
arctic wolf blog
Microsoft Patch Tuesday: March 2026 | Arctic Wolf
March 11, 2026 at 05:02 PM
socradar blog
March 2026 Patch Tuesday: 83 Vulnerabilities, Two Publicly Disclosed Zero-Days
March 11, 2026 at 11:20 AM
the hacker news
Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public Zero-Days
March 11, 2026 at 09:15 AM
thecyberexpress com vulnerabilities
Microsoft Patch Tuesday March 2026: Two Zero-Days and Critical RCE Bugs Fixed - The Cyber Express
March 11, 2026 at 09:09 AM

5 more from sources like outpost24 blog, pcworld, dark reading, cyberthrone and jpcert jp alerts

Related Stories

Microsoft February Patch Tuesday Fixes Six Zero-Day Vulnerabilities and Rolls Out New Secure Boot Certificates

Microsoft February Patch Tuesday Fixes Six Zero-Day Vulnerabilities and Rolls Out New Secure Boot Certificates

Microsoft released its **February 2026 Patch Tuesday** security updates, addressing **54–58 vulnerabilities** across Windows and other Microsoft products, including **six zero-days** that were **publicly disclosed and/or actively exploited** prior to patch availability. Reported zero-days include `CVE-2026-21514` (Office Word security feature bypass), `CVE-2026-21513` (MSHTML security feature bypass), `CVE-2026-21510` (Windows Shell security feature bypass), `CVE-2026-21533` (Windows Remote Desktop Services elevation of privilege), `CVE-2026-21525` (Windows Remote Access Connection Manager DoS), and `CVE-2026-21519` (Desktop Window Manager elevation of privilege). The broader release spans common bug classes such as **RCE**, **EoP**, **information disclosure**, **spoofing**, **DoS**, and **security feature bypass**, with multiple **Critical** issues also called out, including Azure Compute Gallery flaws impacting *ACI Confidential Containers* (`CVE-2026-23655`, `CVE-2026-21522`). As part of the February Windows updates, Microsoft also began a **phased rollout of updated Secure Boot certificates** to replace the original **2011 certificates** ahead of their expiration in **late June 2026**, using “targeting data” and “successful update signals” to control deployment. Windows 11 cumulative updates (including **KB5077181** and **KB5075941**) were released as mandatory Patch Tuesday packages for supported Windows 11 versions, bundling the security fixes alongside additional reliability and feature changes. Separately, Adobe issued February security bulletins covering **44 CVEs** across multiple Creative Cloud products; those Adobe issues were not listed as publicly known or under active attack at release.

1 months ago
Microsoft January Patch Tuesday Security Updates for Windows 10/11

Microsoft January Patch Tuesday Security Updates for Windows 10/11

Microsoft shipped its January Patch Tuesday security updates for **Windows 10** (including ESU/LTSC) and **Windows 11**, addressing a large set of vulnerabilities and rolling in additional platform hardening changes. Windows 10’s *KB5073724* (ESU) updates systems to build `19045.6809` (and LTSC 2021 to `19044.6809`) and includes security/bug fixes plus a phased update to handle **expiring Secure Boot certificates**; it also removes legacy **Agere modem drivers** (`agrsm64.sys`, `agrsm.sys`, `smserl64.sys`, `smserial.sys`), which can break dependent modem hardware. Windows 11 cumulative updates *KB5074109* (25H2/24H2) and *KB5073455* (23H2) are mandatory and include fixes for issues such as WSL mirrored networking failures (“No route to host”) impacting VPN access and RemoteApp connection failures in Azure Virtual Desktop environments. Third-party analysis of the same Patch Tuesday release reported **112 vulnerabilities** (with **8 marked critical**) and at least one vulnerability observed exploited in the wild: **CVE-2026-20805**. The critical issues highlighted include multiple **remote code execution** vulnerabilities across Windows components and Office applications (including **LSASS**, Word, Excel, and Office), plus **elevation of privilege** flaws such as **CVE-2026-20822** (Windows Graphics Component, use-after-free leading to potential SYSTEM privileges) and **CVE-2026-20854** (LSASS RCE over the network without requiring elevated privileges). Organizations should prioritize rapid deployment of the January Windows updates, with particular attention to exploited-in-the-wild items and critical RCE/EoP paths.

2 months ago
Microsoft March 2026 Patch Tuesday Fixes Two Zero-Days and Dozens of Vulnerabilities

Microsoft March 2026 Patch Tuesday Fixes Two Zero-Days and Dozens of Vulnerabilities

Microsoft’s March 2026 Patch Tuesday shipped fixes for **79 vulnerabilities**, including **two zero-day flaws**. Public reporting and third-party patch reviews highlight a mix of *Important* and *Critical* issues across Microsoft’s ecosystem, including **.NET** (`CVE-2026-26127` DoS; `CVE-2026-26131` EoP), **Active Directory Domain Services** (`CVE-2026-25177` EoP), **ASP.NET Core** (`CVE-2026-26130` DoS), and multiple Azure components such as **ACI Confidential Containers** (`CVE-2026-23651`, `CVE-2026-26124` EoP; `CVE-2026-26122` information disclosure) and **Azure IoT Explorer** (`CVE-2026-26121` spoofing; `CVE-2026-23661/23662/23664` information disclosure). Independent analysis (ZDI and SANS ISC) corroborated the breadth of affected products and provided additional scoring/metadata, including CVSS ratings and exploitability flags. ZDI’s review also called out additional *Critical* items in the release such as **Microsoft Office RCE** (`CVE-2026-26110`, `CVE-2026-26113`) and other high-impact vulnerabilities, while SANS ISC’s Patch Tuesday coverage additionally noted bundled **Chromium**-tracked fixes (multiple `CVE-2026-3536` through `CVE-2026-3544` entries) that commonly map to Microsoft’s browser/embedded Chromium components. Organizations should prioritize patching systems exposed to untrusted content or authentication boundaries (e.g., Office, AD DS, Azure agents/extensions) and validate deployment coverage across both Windows and cloud-connected workloads.

5 days ago

Get Ahead of Threats Like This

Mallory continuously monitors global threat intelligence and correlates it with your attack surface. Know if you're exposed — before adversaries strike.