Microsoft Patch Tuesday | March 2026

Microsoft’s March 2026 Patch Tuesday release addresses 57 vulnerabilities, including issues affecting Windows, Microsoft Office, SQL Server and .NET.

Among the fixes are two publicly disclosed zero-day vulnerabilities, although neither is known to have been actively exploited at the time of release. As always, organisations should prioritise applying these updates promptly to reduce potential exposure.

When counting vulnerabilities for Patch Tuesday, only those released by Microsoft on the day itself are included. This total does not include fixes issued earlier in the month for Microsoft Edge, Azure services, Mariner, the Payment Orchestrator Service or the Microsoft Devices Pricing Program.

For organisations managing Windows environments, Microsoft has also released additional non-security updates as part of the monthly cumulative updates for Windows 11 (KB5079473 and KB5078883) and the Windows 10 extended security update (KB5078885).

Two Publicly Disclosed Zero-Day Vulnerabilities

Microsoft addressed two vulnerabilities that had already been publicly disclosed before patches were available. Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited before an official fix is released.

CVE-2026-21262 – SQL Server Elevation of Privilege

This vulnerability affects Microsoft SQL Server and could allow an attacker with authorised access to escalate privileges to SQLAdmin level over a network due to improper access control.

The issue was identified by security researcher, who originally highlighted the weakness in his research into stored procedure permissions.

If exploited, attackers could potentially gain elevated database privileges, increasing the risk of data access, modification or further compromise within affected environments.

CVE-2026-26127 – .NET Denial of Service

Microsoft also patched a denial-of-service vulnerability in .NET caused by an out-of-bounds read error.

An unauthorised attacker could exploit this issue over a network to disrupt application availability, potentially impacting services relying on affected .NET components.

The vulnerability was reported by an anonymous security researcher.

Microsoft Office Vulnerabilities Require Attention

Two remote code execution vulnerabilities in Microsoft Office (CVE-2026-26110 and CVE-2026-26113) are particularly notable because they can be triggered through the Preview Pane.

This means that in some scenarios, simply previewing a malicious file could allow code execution without the user opening it directly.

Organisations using Office environments should prioritise these updates.

Another vulnerability of interest affects Microsoft Excel (CVE-2026-26144) and involves potential information disclosure through Microsoft Copilot.

If successfully exploited, an attacker could trigger Copilot Agent mode to exfiltrate sensitive information via unintended network connections, creating the possibility of a zero-click data exposure scenario.

Other Security Updates Released This Month

Alongside Microsoft’s Patch Tuesday updates, several major technology vendors have released their own security advisories and fixes during March.

    • Adobe released patches across multiple products including Commerce, Illustrator, Substance 3D Painter, Acrobat Reader, and Premiere Pro. None of the vulnerabilities are currently known to be exploited.
    • Cisco published security updates affecting a number of its enterprise products.
    • Fortinet released fixes addressing vulnerabilities in FortiOS, FortiPAM and FortiProxy.
    • Google issued the March Android security bulletin, which includes a fix for an actively exploited zero-day vulnerability affecting a Qualcomm display component.
    • HPE resolved several vulnerabilities within Aruba Networking AOS-CX.
    • SAP released its March security update bundle, including two critical vulnerability fixes across multiple products.

What Organisations Should Do Next

Regular patching remains one of the most effective ways to reduce cyber risk. Security teams should prioritise applying updates to:

    • SQL Server environments
    • Microsoft Office installations
    • .NET applications
    • Windows systems across endpoints and servers

Maintaining visibility across your infrastructure and applying updates quickly can significantly reduce the window of opportunity for attackers.
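
For the Windows item in the list above, one way to check a single client machine for the cumulative updates named in this article. This is an added example, not Microsoft's or the author's tooling. The KB numbers come from the article; the function name, the status labels and the use of build 22000 as the Windows 10/11 boundary are assumptions of the example.

```powershell
# KB numbers are taken from the article; everything else is illustrative.
$MarchKbs = @{
    'Windows 11' = @('KB5079473', 'KB5078883')   # Windows 11 cumulative updates
    'Windows 10' = @('KB5078885')                # Windows 10 extended security update
}

function Test-MarchCumulativeUpdate {
    # Hypothetical helper: decides the status from facts collected elsewhere,
    # so it can be fed data gathered locally or from an inventory export.
    param(
        [Parameter(Mandatory)] [int] $BuildNumber,
        [Parameter(Mandatory)] [int] $ProductType,   # 1 = workstation, 2/3 = server roles
        [string[]] $InstalledKbs = @()
    )

    # The article lists client KBs only, so servers are reported as not covered.
    if ($ProductType -ne 1) {
        return [pscustomobject]@{ Status = 'NotCovered'; Family = 'Server'; Expected = @(); Found = @() }
    }

    # Assumption: client builds from 22000 upward are Windows 11.
    $family   = if ($BuildNumber -ge 22000) { 'Windows 11' } else { 'Windows 10' }
    $expected = $MarchKbs[$family]
    $found    = @($InstalledKbs | Where-Object { $_ -in $expected })
    $status   = if ($found.Count -gt 0) { 'Installed' } else { 'NotFound' }

    [pscustomobject]@{ Status = $status; Family = $family; Expected = $expected; Found = $found }
}

# Collect the facts from the local machine and evaluate them.
$os        = Get-CimInstance -ClassName Win32_OperatingSystem
$installed = @(Get-HotFix | Select-Object -ExpandProperty HotFixID)

Test-MarchCumulativeUpdate -BuildNumber ([int]$os.BuildNumber) `
                           -ProductType $os.ProductType `
                           -InstalledKbs $installed
```

Treat 'NotFound' as a prompt to check update history rather than proof the host is unpatched: a machine that has already taken a later cumulative update may no longer list the March KB. The check also says nothing about Office, SQL Server or .NET, which are serviced separately.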

