Microsoft has released its March 2026 Patch Tuesday security updates, addressing over 80 vulnerabilities across Windows, Microsoft Office, SQL Server, .NET, Azure, and related components. While no vulnerabilities are currently confirmed as being actively exploited in the wild, two publicly disclosed zero‑day flaws and several critical Office vulnerabilities mean this month’s updates should be treated as high priority for most organisations.
Below, we break down the key risks, affected platforms, and what IT teams should do next.
Key Highlights – March 2026
- 80+ security vulnerabilities patched across Microsoft products
- 2 publicly disclosed zero‑day vulnerabilities (.NET and SQL Server)
- Multiple Critical vulnerabilities, including Office Remote Code Execution flaws
- Privilege Escalation vulnerabilities remain the dominant category
- Windows 10, Windows 11, and Windows Server all affected
- No confirmed active exploitation at time of release
Publicly Disclosed Zero‑Day Vulnerabilities
Although neither vulnerability is currently known to be actively exploited, both were publicly disclosed before a patch was available, increasing the likelihood of opportunistic attacks.
CVE‑2026‑21262 – SQL Server Elevation of Privilege
This vulnerability allows an authenticated attacker to escalate privileges to SQL sysadmin over a network. While exploitation requires existing access, the impact is significant for environments hosting sensitive or regulated data.
CVE‑2026‑26127 – .NET Denial of Service
An out‑of‑bounds read vulnerability in .NET could allow an unauthenticated attacker to cause application or service crashes, potentially leading to availability issues or service disruption.
Critical Microsoft Office Vulnerabilities
March’s release includes multiple Critical‑rated vulnerabilities affecting Microsoft Office, two of which can be triggered via the Preview Pane, meaning user interaction may not be required beyond viewing a file.
Key Office CVEs to Note
- CVE‑2026‑26110 – Remote Code Execution (Office)
- CVE‑2026‑26113 – Remote Code Execution (Office Preview Pane)
- CVE‑2026‑26144 – Excel Information Disclosure (potential data exfiltration, including via Copilot)
These vulnerabilities are particularly relevant for organisations that:
- Receive external email attachments
- Rely on document sharing with third parties
- Operate in legal, financial, or professional services sectors


Windows & Platform Security Updates
Windows Desktop & Server
Microsoft released cumulative updates for:
- Windows 11 (23H2, 24H2, 25H2)
- Windows 10 (including Extended Security Updates)
- Windows Server editions
Most fixes address Elevation of Privilege, Remote Code Execution, and Information Disclosure vulnerabilities across core Windows components such as:
- Winlogon
- SMB Server
- Windows Kernel
- Accessibility Infrastructure
Known Issues & Post‑Installation Observations
Microsoft’s official advisories list no confirmed known issues at the time of release for March 2026. However, early community feedback indicates:
- Some Windows 11 KB5079473 installations reporting failures or reboot loops
- Graphics/GPU regressions reported in limited configurations
- WDAC COM object allow‑listing issues resolved this month
As always, we recommend testing updates in a controlled environment before broad deployment.
What This Means for Cyber Essentials & Compliance
For organisations working toward or maintaining Cyber Essentials / Cyber Essentials Plus, March’s updates are particularly important due to:
- Remediation of known vulnerabilities in supported operating systems
- Critical fixes affecting Office and email‑borne attack vectors
- Alignment with secure configuration and patching requirements
Delaying these updates may introduce unnecessary compliance and audit risk.
Our Recommendations
✔ Prioritise patching Microsoft Office and Windows endpoints
✔ Ensure SQL Server and .NET environments are updated promptly
✔ Disable Preview Pane where risk tolerance is low (temporary mitigation)
✔ Monitor patch deployment using vulnerability management tooling
✔ Validate patch status as part of CE / ISO evidence packs
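One way to capture per-endpoint patch evidence for the last two recommendations, as an added example that is not part of the original article or any Microsoft tooling. It assumes the script runs locally on a Windows 11 endpoint, that KB5079473 (the Windows 11 update mentioned above) is the update being checked, and that the output path is acceptable; other Windows versions need their own KB number passed via `-KbId`.

```powershell
# Added example: record whether a given KB is installed, plus enough context
# (OS build, newest installed hotfix) for a reviewer to judge the result.
param(
    [string]$KbId    = 'KB5079473',   # Windows 11 update named in the article
    [string]$OutFile = (Join-Path $env:TEMP "patch-evidence-$env:COMPUTERNAME.json")  # assumed location
)

$os  = Get-CimInstance -ClassName Win32_OperatingSystem
# UBR is the update build revision; it rises with each cumulative update.
$ubr = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').UBR

# Get-HotFix -Id raises an error when the KB is absent, so list and filter instead.
$installed = @(Get-HotFix | Sort-Object -Property InstalledOn -Descending)
$match     = $installed | Where-Object { $_.HotFixID -eq $KbId } | Select-Object -First 1
$newest    = $installed | Select-Object -First 1

$evidence = [pscustomobject]@{
    ComputerName   = $env:COMPUTERNAME
    CollectedUtc   = (Get-Date).ToUniversalTime().ToString('o')
    OsCaption      = $os.Caption
    OsBuild        = "$($os.BuildNumber).$ubr"
    LastBootUtc    = $os.LastBootUpTime.ToUniversalTime().ToString('o')
    KbChecked      = $KbId
    KbInstalled    = [bool]$match
    KbInstalledOn  = if ($match -and $match.InstalledOn) { $match.InstalledOn.ToString('yyyy-MM-dd') } else { $null }
    NewestHotFix   = if ($newest) { $newest.HotFixID } else { $null }
    NewestHotFixOn = if ($newest -and $newest.InstalledOn) { $newest.InstalledOn.ToString('yyyy-MM-dd') } else { $null }
}

# Write a JSON record that can be attached to an evidence pack.
$evidence | ConvertTo-Json | Set-Content -Path $OutFile -Encoding UTF8

if (-not $match) {
    # A later cumulative update can supersede the KB, so absence needs review
    # against OsBuild and NewestHotFix rather than being treated as a failure.
    Write-Warning "$KbId not listed on $env:COMPUTERNAME; review OsBuild $($evidence.OsBuild)."
}

$evidence
```

Because cumulative updates supersede one another, a missing KB entry is a prompt to compare the recorded build against the expected one, not proof that the endpoint is unpatched.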
If you need assistance validating patch compliance, managing remediation at scale, or preparing audit evidence, Secure Chain can help.

