Microsoft March Patch Tuesday Ships 83 Fixes and Windows 11 Cumulative Updates
Microsoft’s March Patch Tuesday security release shipped fixes for 83 vulnerabilities across its enterprise software and services, and was notable for having no actively exploited zero-days for the first time in six months. Microsoft flagged six vulnerabilities as “more likely to be exploited,” and noted two issues—CVE-2026-21262 and CVE-2026-26127—were publicly known at release. Researchers highlighted an Excel information-disclosure issue, CVE-2026-26144, describing a scenario where an attacker could potentially induce a Copilot Agent to exfiltrate data in a zero-click style workflow, and also pointed to Office flaws CVE-2026-26110 and CVE-2026-26113 (CVSS 8.4) that could enable arbitrary code execution via the Office preview pane.
Microsoft also released mandatory Windows 11 cumulative updates KB5079473 (25H2/24H2) and KB5078883 (23H2) that incorporate the March 2026 Patch Tuesday security fixes, along with additional non-security changes. The updates advance build numbers to 26200.8037/26100.8037 (25H2/24H2) and 22631.6783 (23H2), expand “high-confidence device targeting” to increase coverage for automatic delivery of new Secure Boot certificates, and include reliability improvements such as better File Explorer search across drives and changes to Windows Defender Application Control (WDAC) behavior for COM objects (policy listing support).

How this story unfolded
7 events from the most recent confirmed update back to the earliest known activity.
JPCERT/CC issues advisory on Microsoft March 2026 updates
On 2026-03-11, JPCERT/CC published advisory JPCERT-AT-2026-0005 warning that vulnerabilities fixed in Microsoft's March 2026 updates could allow remote code execution. It urged organizations to review Microsoft's guidance and apply the relevant updates through Microsoft Update, Windows Update, or the Update Catalog.
Microsoft announces Autopatch hotpatching will become default in May 2026
In connection with the March 2026 Patch Tuesday cycle, Microsoft said Windows Autopatch defaults would change to enable hotpatch security updates for eligible devices starting with the May 2026 Windows security update. This signaled an upcoming change in how some enterprise systems will receive security fixes.
Microsoft releases Windows 11 March 2026 cumulative updates
On 2026-03-10, Microsoft released mandatory Windows 11 cumulative updates KB5079473 for versions 25H2/24H2 and KB5078883 for version 23H2. The updates addressed security issues and bugs, expanded Secure Boot certificate targeting, and added features including built-in Sysmon as an optional native Windows feature.
Microsoft says Devices Pricing Program RCE was already mitigated
Microsoft included CVE-2026-21536, a critical remote code execution flaw in the Microsoft Devices Pricing Program, in the March 2026 disclosures and stated the issue had already been fully mitigated server-side. Multiple reports noted that no customer action was required for this specific vulnerability.
Microsoft patches critical Office and Excel flaws with preview-pane and Copilot risk
Microsoft fixed critical Office remote code execution vulnerabilities CVE-2026-26110 and CVE-2026-26113, which can be triggered through the Office Preview Pane, as well as Excel information disclosure flaw CVE-2026-26144. Researchers noted the Excel issue could enable zero-click style data exfiltration through Microsoft 365 Copilot Agent mode.
Microsoft fixes two publicly disclosed vulnerabilities in SQL Server and .NET
The March 2026 release patched CVE-2026-21262, a SQL Server privilege-escalation flaw that could let an authorized user gain sysadmin privileges, and CVE-2026-26127, a .NET denial-of-service bug. Both issues were publicly known before patches were released, but Microsoft reported no evidence of in-the-wild exploitation.
Microsoft releases March 2026 Patch Tuesday security updates
On 2026-03-10, Microsoft issued its March 2026 Patch Tuesday updates, fixing roughly 79-84 vulnerabilities across Windows, Office, SQL Server, Azure, .NET, Edge, and other products. Microsoft said none of the addressed flaws were known to be actively exploited at release time, though two had been publicly disclosed.


