Microsoft Corp.<\/strong> at this time pushed safety updates to repair a minimum of 77 vulnerabilities in its Home windows<\/strong> working methods and different software program. There aren’t any urgent \u201czero-day\u201d flaws this month (in comparison with February\u2019s 5 zero-day deal with), however as normal some patches could deserve extra fast consideration from organizations utilizing Home windows. Listed here are a couple of highlights from this month\u2019s Patch Tuesday.<\/p>\n Picture: Shutterstock, @nwz.<\/p>\n<\/div>\n Two of the bugs Microsoft patched at this time had been publicly disclosed beforehand. CVE-2026-21262<\/a> is a weak spot that enables an attacker to raise their privileges on SQL Server 2016<\/strong> and later editions.<\/p>\n \u201cThis isn\u2019t simply any elevation of privilege vulnerability, both; the advisory notes that a certified attacker can elevate privileges to sysadmin over a community,\u201d Rapid7\u2019s Adam Barnett<\/strong> stated. \u201cThe CVSS v3 base rating of 8.8 is slightly below the brink for crucial severity, since low-level privileges are required. It might be a brave defender who shrugged and deferred the patches for this one.\u201d<\/p>\n The opposite publicly disclosed flaw is CVE-2026-26127<\/a>, a vulnerability in functions working on .NET<\/strong>. Barnett stated the instant influence of exploitation is probably going restricted to denial of service by triggering a crash, with the potential for different sorts of assaults throughout a service reboot.<\/p>\n It might hardly be a correct Patch Tuesday with out a minimum of one crucial Microsoft Workplace<\/strong> exploit, and this month doesn\u2019t disappoint. CVE-2026-26113<\/a> and CVE-2026-26110<\/a> are each distant code execution flaws that may be triggered simply by viewing a booby-trapped message within the Preview Pane.<\/p>\n Satnam Narang<\/strong> at Tenable<\/strong> notes that simply over half (55%) of all Patch Tuesday CVEs this month are privilege escalation bugs, and of these, a half dozen had been rated \u201cexploitation extra probably\u201d \u2014 throughout Home windows Graphics Part, Home windows Accessibility Infrastructure, Home windows Kernel, Home windows SMB Server and Winlogon. These embrace:<\/p>\n \u2013CVE-2026-24291<\/a>: Incorrect permission assignments throughout the Home windows Accessibility Infrastructure to succeed in SYSTEM (CVSS 7.8) Ben McCarthy<\/strong>, lead cyber safety engineer at Immersive<\/strong>, known as consideration to CVE-2026-21536<\/a>, a crucial distant code execution bug in a part known as the Microsoft Gadgets Pricing Program. Microsoft has already resolved the problem on their finish, and fixing it requires no motion on the a part of Home windows customers. However McCarthy says it\u2019s notable as one of many first vulnerabilities recognized by an AI agent and formally acknowledged with a CVE attributed to the Home windows working system. It was found by XBOW<\/strong>, a completely autonomous AI penetration testing agent.<\/p>\n XBOW has persistently ranked at or close to the highest of the Hacker One bug bounty leaderboard for the previous yr. McCarthy stated CVE-2026-21536 demonstrates how AI brokers can determine crucial 9.8-rated vulnerabilities with out entry to supply code.<\/p>\n \u201cThough Microsoft has already patched and mitigated the vulnerability, it highlights a shift towards AI-driven discovery of complicated vulnerabilities at rising pace,\u201d McCarthy stated. \u201cThis growth suggests AI-assisted vulnerability analysis will play a rising position within the safety panorama.\u201d<\/p>\n Microsoft earlier supplied patches to handle 9 browser vulnerabilities, which aren’t included within the Patch Tuesday depend above. As well as, Microsoft issued a vital out-of-band (emergency) replace on March 2<\/a> for Home windows Server 2022<\/strong> to handle a certificates renewal challenge with passwordless authentication expertise Home windows Hi there for Enterprise.<\/p>\n Individually, Adobe<\/strong> shipped updates to repair 80 vulnerabilities \u2014 a few of them crucial in severity \u2014 in quite a lot of merchandise<\/a>, together with Acrobat<\/strong> and Adobe Commerce<\/strong>. Mozilla Firefox<\/strong> v. 148.0.2 resolves three excessive severity CVEs.<\/p>\n For an entire breakdown of all of the patches Microsoft launched at this time, take a look at the SANS Web Storm Heart\u2019s Patch Tuesday submit<\/a>. Home windows enterprise admins who want to keep abreast of any information about problematic updates, AskWoody.com<\/a> is all the time value a go to. Please be at liberty to drop a remark under should you expertise any points apply this month\u2019s patches.<\/p>\n<\/p><\/div>\n\n","protected":false},"excerpt":{"rendered":" Microsoft Corp. at this time pushed safety updates to repair a minimum of 77 vulnerabilities in its Home windows working methods and different software program. There aren’t any urgent \u201czero-day\u201d flaws this month (in comparison with February\u2019s 5 zero-day deal with), however as normal some patches could deserve extra fast consideration from organizations utilizing Home […]<\/p>\n","protected":false},"author":2,"featured_media":12746,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[58],"tags":[406,262,1282,618,1077,211,1078],"class_list":["post-12744","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-edition","tag-krebs","tag-march","tag-microsoft","tag-patch","tag-security","tag-tuesday"],"_links":{"self":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/12744","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=12744"}],"version-history":[{"count":1,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/12744\/revisions"}],"predecessor-version":[{"id":12745,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/12744\/revisions\/12745"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/media\/12746"}],"wp:attachment":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=12744"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=12744"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=12744"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}![\"\"](\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/03\/winupdatechecking.png\")
<\/p>\n
\u2013CVE-2026-24294<\/a>: Improper authentication within the core SMB part (CVSS 7.8)
\u2013CVE-2026-24289<\/a>: Excessive-severity reminiscence corruption and race situation flaw (CVSS 7.8)
\u2013CVE-2026-25187<\/a>: Winlogon course of weak spot found by Google Venture Zero (CVSS 7.8).<\/p>\n