Microsoft Patch Tuesday March 2026 (Tue, Mar 10th)

Microsoft today released patches for 93 vulnerabilities, including 9 vulnerabilities in Chromium affecting Microsoft Edge. 8 of the vulnerabilities are rated critical. 2 were disclosed prior to today but have not yet been exploited. This update addresses no already-exploited vulnerabilities.

Disclosed vulnerabilities:

CVE-2026-26127: A denial of service vulnerability in .NET. Microsoft considers exploitation unlikely. The issue arises from an out-of-bounds read and can be exploited across the network. No authentication is required.

CVE-2026-21262: A privilege escalation in SQL Server. An authenticated user may be able to escalate privileges to sysadmin.

Critical Vulnerabilities:

CVE-2026-21536: This vulnerability in Microsoft’s Devices Pricing Program allows remote code execution. However, the product is offered only as a cloud service, and Microsoft has already deployed the patch. Microsoft credits the AI vulnerability scanning platform XBOW with discovering this vulnerability.

CVE-2026-26125: Similar to the above vulnerability, this elevation-of-privilege vulnerability in Microsoft’s Payment Orchestrator service has been mitigated by Microsoft.

CVE-2026-26113, CVE-2026-26110, CVE-2026-26144: These vulnerabilities affect Excel and Office.

CVE-2026-23651, CVE-2026-26124, CVE-2026-26122: These vulnerabilities affect Microsoft ACI Confidential Containers. No customer action is required. Microsoft already patched these issues.

| Description | CVE | Disclosed | Exploited | Exploitability (old versions) | Exploitability (current version) | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
|---|---|---|---|---|---|---|---|---|
| .NET Denial of Service Vulnerability | CVE-2026-26127 | Yes | No | | | Important | 7.5 | 6.5 |
| .NET Elevation of Privilege Vulnerability | CVE-2026-26131 | No | No | | | Important | 7.8 | 6.8 |
| ASP.NET Core Denial of Service Vulnerability | CVE-2026-26130 | No | No | | | Important | 7.5 | 6.5 |
| Active Directory Domain Services Elevation of Privilege Vulnerability | CVE-2026-25177 | No | No | | | Important | 8.8 | 7.7 |
| Arc Enabled Servers – Azure Connected Machine Agent Elevation of Privilege Vulnerability | CVE-2026-26117 | No | No | | | Important | 7.8 | 6.8 |
| Azure IOT Explorer Spoofing Vulnerability | CVE-2026-26121 | No | No | | | Important | 7.5 | 6.5 |
| Azure IoT Explorer Information Disclosure Vulnerability | CVE-2026-23664 | No | No | | | Important | 7.5 | 6.5 |
| Azure IoT Explorer Information Disclosure Vulnerability | CVE-2026-23661 | No | No | | | Important | 7.5 | 6.5 |
| Azure IoT Explorer Information Disclosure Vulnerability | CVE-2026-23662 | No | No | | | Important | 7.5 | 6.5 |
| Azure MCP Server Tools Elevation of Privilege Vulnerability | CVE-2026-26118 | No | No | | | Important | 8.8 | 7.7 |
| Broadcast DVR Elevation of Privilege Vulnerability | CVE-2026-23667 | No | No | | | Important | 7.0 | 6.1 |
| Chromium: CVE-2026-3536 Integer overflow in ANGLE | CVE-2026-3536 | No | No | | | | | |
| Chromium: CVE-2026-3538 Integer overflow in Skia | CVE-2026-3538 | No | No | | | | | |
| Chromium: CVE-2026-3539 Object lifecycle issue in DevTools | CVE-2026-3539 | No | No | | | | | |
| Chromium: CVE-2026-3540 Inappropriate implementation in WebAudio | CVE-2026-3540 | No | No | | | | | |
| Chromium: CVE-2026-3541 Inappropriate implementation in CSS | CVE-2026-3541 | No | No | | | | | |
| Chromium: CVE-2026-3542 Inappropriate implementation in WebAssembly | CVE-2026-3542 | No | No | | | | | |
| Chromium: CVE-2026-3543 Inappropriate implementation in V8 | CVE-2026-3543 | No | No | | | | | |
| Chromium: CVE-2026-3544 Heap buffer overflow in WebCodecs | CVE-2026-3544 | No | No | | | | | |
| Chromium: CVE-2026-3545 Insufficient data validation in Navigation | CVE-2026-3545 | No | No | | | | | |
| GDI Remote Code Execution Vulnerability | CVE-2026-25190 | No | No | | | Important | 7.8 | 6.8 |
| GDI+ Information Disclosure Vulnerability | CVE-2026-25181 | No | No | | | Important | 7.5 | 6.5 |
| GitHub: CVE-2026-26030 Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable | CVE-2026-26030 | No | No | | | Important | 9.9 | 8.6 |
| GitHub: Zero Shot SCFoundation Remote Code Execution Vulnerability | CVE-2026-23654 | No | No | | | Important | 8.8 | 7.7 |
| Hybrid Worker Extension (Arc-enabled Windows VMs) Elevation of Privilege Vulnerability | CVE-2026-26141 | No | No | | | Important | 7.8 | 6.8 |
| Linux Azure Diagnostic extension (LAD) Elevation of Privilege Vulnerability | CVE-2026-23665 | No | No | | | Important | 7.8 | 6.8 |
| MapUrlToZone Security Feature Bypass Vulnerability | CVE-2026-23674 | No | No | | | Important | 7.5 | 6.5 |
| Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability | CVE-2026-23651 | No | No | | | Critical | 6.7 | 6.0 |
| Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability | CVE-2026-26124 | No | No | | | Critical | 6.7 | 6.0 |
| Microsoft ACI Confidential Containers Information Disclosure Vulnerability | CVE-2026-26122 | No | No | | | Critical | 6.5 | 5.7 |
| Microsoft Authenticator Information Disclosure Vulnerability | CVE-2026-26123 | No | No | | | Important | 5.5 | 4.8 |
| Microsoft Azure AD SSH Login extension for Linux Elevation of Privilege Vulnerability | CVE-2026-26148 | No | No | | | Important | 8.1 | 7.3 |
| Microsoft Brokering File System Elevation of Privilege Vulnerability | CVE-2026-25167 | No | No | | | Important | 7.4 | 6.4 |
| Microsoft Devices Pricing Program Remote Code Execution Vulnerability | CVE-2026-21536 | No | No | | | Critical | 9.8 | 8.5 |
| Microsoft Excel Information Disclosure Vulnerability | CVE-2026-26144 | No | No | | | Critical | 7.5 | 6.5 |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2026-26112 | No | No | | | Important | 7.8 | 6.8 |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2026-26107 | No | No | | | Important | 7.8 | 6.8 |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2026-26108 | No | No | | | Important | 7.8 | 6.8 |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2026-26109 | No | No | | | Important | 8.4 | 7.3 |
| Microsoft Office Elevation of Privilege Vulnerability | CVE-2026-26134 | No | No | | | Important | 7.8 | 6.8 |
| Microsoft Office Remote Code Execution Vulnerability | CVE-2026-26113 | No | No | | | Critical | 8.4 | 7.3 |
| Microsoft Office Remote Code Execution Vulnerability | CVE-2026-26110 | No | No | | | Critical | 8.4 | 7.3 |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | CVE-2026-26114 | No | No | | | Important | 8.8 | 7.7 |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | CVE-2026-26106 | No | No | | | Important | 8.8 | 7.7 |
| Microsoft SharePoint Server Spoofing Vulnerability | CVE-2026-26105 | No | No | | | Important | 8.1 | 7.1 |
| Multiple UNC Provider Kernel Driver Elevation of Privilege Vulnerability | CVE-2026-24283 | No | No | | | Important | 8.8 | 7.7 |
| Payment Orchestrator Service Elevation of Privilege Vulnerability | CVE-2026-26125 | No | No | | | Critical | 8.6 | 7.7 |
| Performance Counters for Windows Elevation of Privilege Vulnerability | CVE-2026-25165 | No | No | | | Important | 7.8 | 6.8 |
| Push message Routing Service Elevation of Privilege Vulnerability | CVE-2026-24282 | No | No | | | Important | 5.5 | 4.8 |
| SQL Server Elevation of Privilege Vulnerability | CVE-2026-21262 | Yes | No | | | Important | 8.8 | 7.7 |
| SQL Server Elevation of Privilege Vulnerability | CVE-2026-26115 | No | No | | | Important | 8.8 | 7.7 |
| SQL Server Elevation of Privilege Vulnerability | CVE-2026-26116 | No | No | | | Important | 8.8 | 7.7 |
| System Center Operations Manager (SCOM) Elevation of Privilege Vulnerability | CVE-2026-20967 | No | No | | | Important | 8.8 | 7.7 |
| Win32k Elevation of Privilege Vulnerability | CVE-2026-24285 | No | No | | | Important | 7.0 | 6.1 |
| Windows Accessibility Infrastructure (ATBroker.exe) Elevation of Privilege Vulnerability | CVE-2026-24291 | No | No | | | Important | 7.8 | 6.8 |
| Windows Accessibility Infrastructure (ATBroker.exe) Information Disclosure Vulnerability | CVE-2026-25186 | No | No | | | Important | 5.5 | 4.8 |
| Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability | CVE-2026-23660 | No | No | | | Important | 7.8 | 6.8 |
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | CVE-2026-24293 | No | No | | | Important | 7.8 | 6.8 |
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | CVE-2026-25176 | No | No | | | Important | 7.8 | 6.8 |
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | CVE-2026-25178 | No | No | | | Important | 7.0 | 6.1 |
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | CVE-2026-25179 | No | No | | | Important | 7.0 | 6.1 |
| Windows App Installer Spoofing Vulnerability | CVE-2026-23656 | No | No | | | Important | | |
| Windows Authentication Elevation of Privilege Vulnerability | CVE-2026-25171 | No | No | | | Important | 7.0 | 6.1 |
| Windows Bluetooth RFCOM Protocol Driver Elevation of Privilege Vulnerability | CVE-2026-23671 | No | No | | | Important | 7.0 | 6.1 |
| Windows Connected Devices Platform Service Elevation of Privilege Vulnerability | CVE-2026-24292 | No | No | | | Important | 7.8 | 6.8 |
| Windows DWM Core Library Elevation of Privilege Vulnerability | CVE-2026-25189 | No | No | | | Important | 7.8 | 6.8 |
| Windows Device Association Service Elevation of Privilege Vulnerability | CVE-2026-24295 | No | No | | | Important | 7.0 | 6.1 |
| Windows Device Association Service Elevation of Privilege Vulnerability | CVE-2026-24296 | No | No | | | Important | 7.0 | 6.1 |
| Windows Extensible File Allocation Table Elevation of Privilege Vulnerability | CVE-2026-25174 | No | No | | | Important | 7.8 | 6.8 |
| Windows Graphics Component Denial of Service Vulnerability | CVE-2026-25168 | No | No | | | Important | 6.2 | 5.4 |
| Windows Graphics Component Denial of Service Vulnerability | CVE-2026-25169 | No | No | | | Important | 6.2 | 5.4 |
| Windows Graphics Component Elevation of Privilege Vulnerability | CVE-2026-23668 | No | No | | | Important | 7.0 | 6.1 |
| Windows Graphics Component Information Disclosure Vulnerability | CVE-2026-25180 | No | No | | | Important | 5.5 | 4.8 |
| Windows Hyper-V Elevation of Privilege Vulnerability | CVE-2026-25170 | No | No | | | Important | 7.0 | 6.1 |
| Windows Kerberos Security Feature Bypass Vulnerability | CVE-2026-24297 | No | No | | | Important | 6.5 | 5.7 |
| Windows Kernel Elevation of Privilege Vulnerability | CVE-2026-24287 | No | No | | | Important | 7.8 | 6.8 |
| Windows Kernel Elevation of Privilege Vulnerability | CVE-2026-24289 | No | No | | | Important | 7.8 | 6.8 |
| Windows Kernel Elevation of Privilege Vulnerability | CVE-2026-26132 | No | No | | | Important | 7.8 | 6.8 |
| Windows Mobile Broadband Driver Remote Code Execution Vulnerability | CVE-2026-24288 | No | No | | | Important | 6.8 | 5.9 |
| Windows NTFS Elevation of Privilege Vulnerability | CVE-2026-25175 | No | No | | | Important | 7.8 | 6.8 |
| Windows Print Spooler Remote Code Execution Vulnerability | CVE-2026-23669 | No | No | | | Important | 8.8 | 7.7 |
| Windows Projected File System Elevation of Privilege Vulnerability | CVE-2026-24290 | No | No | | | Important | 7.8 | 6.8 |
| Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | CVE-2026-23673 | No | No | | | Important | 7.8 | 6.8 |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | CVE-2026-25172 | No | No | | | Important | 8.8 | 7.7 |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | CVE-2026-25173 | No | No | | | Important | 8.0 | 7.0 |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | CVE-2026-26111 | No | No | | | Important | 8.8 | 7.7 |
| Windows SMB Server Elevation of Privilege Vulnerability | CVE-2026-24294 | No | No | | | Important | 7.8 | 6.8 |
| Windows SMB Server Elevation of Privilege Vulnerability | CVE-2026-26128 | No | No | | | Important | 7.8 | 6.8 |
| Windows Shell Link Processing Spoofing Vulnerability | CVE-2026-25185 | No | No | | | Important | 5.3 | 4.6 |
| Windows System Image Manager Assessment and Deployment Kit (ADK) Remote Code Execution Vulnerability | CVE-2026-25166 | No | No | | | Important | 7.8 | 6.8 |
| Windows Telephony Service Elevation of Privilege Vulnerability | CVE-2026-25188 | No | No | | | Important | 8.8 | 7.7 |
| Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability | CVE-2026-23672 | No | No | | | Important | 7.8 | 6.8 |
| Winlogon Elevation of Privilege Vulnerability | CVE-2026-25187 | No | No | | | Important | 7.8 | 6.8 |


Johannes B. Ullrich, Ph.D., Dean of Research, SANS.edu

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.