Microsoft has released its March 2026 Patch Tuesday security update, fixing 79 vulnerabilities across Windows, Microsoft Office, SQL Server, and other services.
The update includes two publicly disclosed zero-day vulnerabilities and three critical flaws that could allow remote code execution or data exposure.
According to Microsoft, the update addresses several categories of security issues, including elevation of privilege, remote code execution, information disclosure, denial of service, and spoofing vulnerabilities. Elevation of privilege flaws make up the largest portion, with 46 issues fixed in this release.
Two of the most notable vulnerabilities are publicly disclosed zero-day vulnerabilities. The first, CVE-2026-21262, affects Microsoft SQL Server and could allow attackers to gain SQLAdmin privileges through improper access control. The second, CVE-2026-26127, is a .NET vulnerability that could allow attackers to trigger a denial of service attack over a network.
Microsoft also fixed two critical remote code execution vulnerabilities in Microsoft Office that can be exploited through the preview pane. This means users could be exposed simply by previewing a malicious document, making it important to install updates quickly.
Another important fix addresses a Microsoft Excel vulnerability that could potentially allow attackers to leak sensitive data through Microsoft Copilot by triggering unintended network communication.
Alongside Microsoft’s updates, several other major technology companies also released security patches this month. Adobe, Cisco, Fortinet, Google, HPE, and SAP all issued updates addressing vulnerabilities in their products, including a zero-day Android flaw fixed by Google.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
Security experts recommend installing Patch Tuesday updates as soon as possible to protect systems from potential attacks and newly discovered vulnerabilities.
