Microsoftβs March 2026 Patch Tuesday fixes 79 vulnerabilities, including two publicly disclosed zero-days and three Critical flaws affecting Windows, Office, Azure, and related components. Key patches include a SQL Server elevation-of-privilege zero-day, a .NET denial-of-service zero-day, two Office remote code execution bugs exploitable via the preview pane, and an Excel information-disclosure flaw that could enable Copilot data exfiltration. #SQLServer #MicrosoftExcel
Keypoints
- Microsoft released fixes for 79 flaws, including 46 elevation-of-privilege and 18 remote code execution vulnerabilities.
- Two publicly disclosed zero-days were patched: CVE-2026-21262 in SQL Server and CVE-2026-26127 in .NET.
- Three Critical vulnerabilities were addressed, two of which are remote code execution issues and one is an information disclosure flaw.
- Two Office RCEs (CVE-2026-26110 and CVE-2026-26113) are exploitable via the preview pane, and an Excel bug (CVE-2026-26144) could enable Copilot-based data exfiltration.
- Other vendors including Adobe, Cisco, Fortinet, Google, HPE, and SAP also released security updates in March 2026.