Patch Now: Microsoft Fixed 2 Zero-Days in The Patch Tuesday Updates

Microsoft’s March 2026 Patch Tuesday addresses 79 security vulnerabilities. No vulnerabilities were under active exploitation at the time of release, but two zero-day vulnerabilities were publicly disclosed before the updates shipped. The release is dominated by Elevation of Privilege (EoP) flaws, which account for approximately 55% to 58% of the total bugs.

Severity: Critical

Overall Patch Release

  • Microsoft released security updates for ~79 vulnerabilities across Windows, Office, Azure, SQL Server, Hyper-V, Edge (Chromium), and related components.
  • Including third-party/Chromium fixes, the total rises to ~94 CVEs.
  • 8 vulnerabilities are rated Critical, while the majority are Important severity.
  • Two vulnerabilities were publicly disclosed before patches were released, though none were reported as actively exploited at release time.

Publicly Disclosed Zero-Days

  • CVE-2026-21262 (SQL Server EoP): An authorized attacker can elevate privileges to sysadmin over a network. It affects SQL Server 2016 and later.
  • CVE-2026-26127 (.NET DoS): An out-of-bounds read vulnerability that allows an unauthorized attacker to deny service over a network.

Critical Vulnerabilities

  • CVE-2026-26110 & CVE-2026-26113 (Microsoft Office RCE): These critical flaws can be triggered via the Preview Pane by viewing a specially crafted message, making them highly dangerous for phishing campaigns.
  • CVE-2026-26144 (Microsoft Excel Info Disclosure): A “zero-click” vulnerability where an attacker can use a cross-site scripting (XSS) bug to cause a Copilot Agent to exfiltrate data from the target system.
  • CVE-2026-21536 (Microsoft Devices Pricing Program RCE): Notable as one of the first vulnerabilities discovered by an autonomous AI agent (XBOW) and officially recognized with a CVE. This was an “out-of-band” fix that required no user action.

Notable “More Likely To Be Exploited” Flaws

Microsoft identified several Elevation of Privilege bugs as more likely targets for attackers:

  • CVE-2026-24291: Windows Accessibility Infrastructure (ATBroker.exe).
  • CVE-2026-24294: Windows SMB Server.
  • CVE-2026-24289: Windows Kernel (memory corruption/race condition).
  • CVE-2026-25187: Winlogon (discovered by Google Project Zero).
  • CVE-2026-23669: Windows Print Spooler RCE; authenticated attackers can gain code execution without user interaction.

Recommendations

  1. Apply the March 2026 Microsoft security updates across all affected systems.
  2. Prioritize patching CVE-2026-26110 and CVE-2026-26113 (Office) and CVE-2026-23669 (Print Spooler) due to their RCE potential without user interaction.
  3. Disable Outlook Preview Pane for high-risk environments where feasible.
  4. Enable Safe Attachments and Safe Links policies in Microsoft Defender.
  5. Disable the Print Spooler service on servers and domain controllers where printing is not required.
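
One way to carry out recommendation 5 across several servers, as an added example that is not part of the original advisory. It assumes PowerShell remoting is enabled and the PrintManagement module is present on the targets; the host names are constructed placeholders, and "no shared printers" is used here as a heuristic for "printing is not required".

```powershell
# Added example: report Print Spooler state per host and optionally disable it.
# Host names below are constructed placeholders; substitute your own inventory.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string[]]$ComputerName = @('DC01', 'APP01'),  # hypothetical hosts
    [switch]$Disable                                # report only unless set
)

# Collect service state and shared-printer count from each host over PowerShell remoting.
$audit = Invoke-Command -ComputerName $ComputerName -ErrorVariable unreachable `
    -ErrorAction SilentlyContinue -ScriptBlock {
    $svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    if (-not $svc) { return }
    # Get-Printer needs a running spooler; -1 marks "could not enumerate, review manually".
    $shared = -1
    if ($svc.Status -eq 'Running') {
        $shared = @(Get-Printer -ErrorAction SilentlyContinue | Where-Object Shared).Count
    }
    [pscustomobject]@{
        Status         = $svc.Status.ToString()
        StartType      = $svc.StartType.ToString()
        SharedPrinters = $shared
    }
}

$audit | Sort-Object PSComputerName |
    Format-Table PSComputerName, Status, StartType, SharedPrinters -AutoSize
foreach ($err in $unreachable) { Write-Warning "Audit failed: $err" }

if ($Disable) {
    # Only touch hosts where the spooler runs and nothing is shared.
    $targets = $audit | Where-Object { $_.SharedPrinters -eq 0 }
    foreach ($t in $targets) {
        if ($PSCmdlet.ShouldProcess($t.PSComputerName, 'Stop and disable Print Spooler')) {
            Invoke-Command -ComputerName $t.PSComputerName -ScriptBlock {
                Stop-Service -Name Spooler -Force
                Set-Service -Name Spooler -StartupType Disabled
            }
        }
    }
}
```

Run it without `-Disable` first to review the report, then with `-Disable -WhatIf` to see which hosts would be changed before committing.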

Source:

  • https://www.bleepingcomputer.com/news/microsoft/microsoft-march-2026-patch-tuesday-fixes-2-zero-days-79-flaws/
  • https://www.zerodayinitiative.com/blog/2026/3/10/the-march-2026-security-update-review
  • https://krebsonsecurity.com/2026/03/microsoft-patch-tuesday-march-2026-edition/
  • https://blog.talosintelligence.com/microsoft-patch-tuesday-march-2026/
  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26113
  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26110
  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26144
  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21536
  • https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2026-21262
  • https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2026-26127
  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23669
  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25187
  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24289
  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24294
  • https://msrc.microsoft.com/update-guide/releaseNote/2026-Mar
