Microsoft released patches for 83 vulnerabilities across its products, including one critical remote code execution flaw that has already been mitigated. Two bugs were publicly disclosed (.NET DoS CVE-2026-26127 and SQL Server elevation CVE-2026-21262), and several Azure and privilege-escalation issues may require special attention and non-standard patching. #Microsoft #Azure
Keypoints
- Microsoft patched 83 vulnerabilities across its products this month.
- Two publicly disclosed issues are CVE-2026-26127 (.NET DoS) and CVE-2026-21262 (SQL Server privilege escalation).
- The single critical RCE, CVE-2026-21536 in Devices Pricing Program (CVSS 9.8), has been fully mitigated by Microsoft.
- CVE-2026-26118 in Azure MCP Server Tools can leak a managed identity token if a malicious URL is submitted.
- Five Azure defects—including CVE-2026-23665 (Azure Linux VMs) and multiple Azure IoT Explorer flaws—require non-standard patching and extra IT effort.
Read More: https://www.securityweek.com/microsoft-patches-83-vulnerabilities/