Microsoftβs Patch Tuesday March 2026 rollout fixes 79 vulnerabilities across SQL Server, .NET, Office, SharePoint Server, and Azure, including three critical bugs and two publicly disclosed zero-days. Notable fixes include CVE-2026-21262 (SQL Server privilege escalation) and CVE-2026-26144 (Excel Copilot zero-click information disclosure), and administrators are urged to apply updates immediately to mitigate remote code execution and data exfiltration risks. #CVE-2026-26144 #CVE-2026-21262
Keypoints
- Patch Tuesday March 2026 addresses 79 vulnerabilities across multiple Microsoft products.
- Two publicly disclosed zero-days are CVE-2026-21262 (SQL Server) and CVE-2026-26127 (.NET).
- CVE-2026-26144 is a critical Excel information disclosure that can weaponize Copilot Agent for zero-click data exfiltration.
- Two critical remote code execution bugs in Microsoft Office can be triggered via the Preview Pane.
- Additional important flaws affect SharePoint Server, Azure MCP tools (SSRF), Windows components, and SMB, some enabling SYSTEM or token theft.
Read More: https://thecyberexpress.com/microsoft-patch-tuesday-march-2026/