Exchange Server and Outlook headline a high-impact month.
March 2026 brought a focused set of Exchange Server and Outlook vulnerabilities — a familiar pattern that has previously led to opportunistic mass exploitation within days.
- Risk theme: Exchange Server remote code execution
- Risk theme: Outlook NTLM credential disclosure
- Risk theme: Windows DNS server denial of service
- Risk theme: Defender bypass via crafted file
The issues that move the needle this month.
We have focused on the categories with realistic exploitation paths for UK SMEs and regulated firms. Always cross-check with Microsoft's Security Update Guide and your own asset inventory before deployment.
Exchange Server RCE
An authenticated attacker on a vulnerable Exchange instance could execute arbitrary code. Historically, exposed Exchange has been one of the most exploited targets for SMEs.
Outlook NTLM hash disclosure
A crafted email could trigger Outlook to leak NTLM credentials to an attacker-controlled host — usable for relay attacks against internal services.
Windows DNS server DoS
Malformed queries could crash the DNS service. Limited blast radius, but disruptive in environments still running DNS on domain controllers.
Microsoft Defender bypass
A file format edge case allowed malicious payloads to evade scanning. Patched alongside an engine update.
Where the risk lives.
- Exchange Server (on-premises)
- Outlook for Windows and Microsoft 365 Apps
- Windows Server DNS role
- Microsoft Defender for Endpoint
What to watch for when rolling out.
- Exchange cumulative required a re-run of Setup /PrepareSchema in some hybrid environments.
- Outlook update caused signature blocks to render incorrectly on reply chains until profile rebuild.
- Defender engine update increased CPU briefly during the first full scan post-deployment.
- Removes a well-documented attack path that affiliates regularly scan for.
- Outlook NTLM fix closes a credential-theft vector that bypasses MFA in many setups.
- Defender engine improvements raise the floor across the estate.
- Exchange updates remain operationally heavy and require careful sequencing in DAGs.
- Some Outlook customisations may need re-application.
How experienced teams roll these out without drama.
- If you still host Exchange on-premises, prioritise this release above everything else.
- Use Outlook Group Policy templates to enforce NTLM hardening alongside the patch.
- Schedule Defender's first post-update scan outside working hours to avoid user complaints.
Advice, guidance, or full remediation — your call.
Whether you want a second pair of eyes on this month's release or you would rather hand the entire patching cycle to us, Secure Chain Technology Group can support at any level of involvement.
- Advisory: a prioritised briefing mapped to your estate and risk appetite, with recommended rollout rings.
- Guided deployment: we work alongside your IT team — test plans, rollback procedures and change-management evidence.
- Fully managed remediation: we deploy, validate and report on every patch through our Vulnerability Management-as-a-Service (VMaaS) and Patch Management services.
- Compliance evidence: reporting aligned to Cyber Essentials Plus, ISO 27001 and DSPT requirements.
Always verify against the official Microsoft Security Update Guide and your own asset inventory before deployment.