Microsoft’s March 2026 Patch Tuesday Addresses 83 CVEs (CVE-2026-21262, CVE-2026-26127)

On March 10, Microsoft released its March 2026 Patch Tuesday release which patched 83 CVEs with eight rated as critical and 75 rated as important, including two vulnerabilities that were publicly disclosed prior to a patch being released.

CVE-2026-21262 is an elevation of privilege (EoP) vulnerability affecting Microsoft SQL Server. It received a CVSSv3 score of 8.8 and was rated as important. CVE-2026-21262 was publicly disclosed as a zero-day. While no exploitation has been reported by Microsoft, a successful exploit of this flaw would result in an attacker gaining SQL sysadmin privileges. In addition, two more CVEs were issued for EoP flaws in Microsoft SQL Server, CVE-2026-26115 and CVE-2026-26116.

CVE-2026-26127 is a denial of service (DoS) vulnerability affecting .NET 9.0 and 10.0 on Windows, Mac OS and Linux. It received a CVSSv3 score of 7.5 and was rated as important. According to Microsoft, this vulnerability was publicly disclosed prior to patches being made available. Although it was publicly disclosed, Microsoft assesses that exploitation is unlikely for this DoS vulnerability.

This month’s update includes patches for:

• .NET
• ASP.NET Core
• Active Directory Domain Services
• Azure Arc
• Azure Compute Gallery
• Azure Entra ID
• Azure IoT Explorer
• Azure Linux Virtual Machines
• Azure MCP Server
• Azure Portal Windows Admin Center
• Azure Windows Virtual Machine Agent
• Broadcast DVR
• Connected Devices Platform Service (Cdpsvc)
• Microsoft Authenticator
• Microsoft Brokering File System
• Microsoft Devices Pricing Program
• Microsoft Graphics Component
• Microsoft Office
• Microsoft Office Excel
• Microsoft Office SharePoint
• Payment Orchestrator Service
• Push Message Routing Service
• Role: Windows Hyper-V
• SQL Server
• System Center Operations Manager
• Windows Accessibility Infrastructure (ATBroker.exe)
• Windows Ancillary Function Driver for WinSock
• Windows App Installer
• Windows Authentication Methods
• Windows Bluetooth RFCOM Protocol Driver
• Windows DWM Core Library
• Windows Device Association Service
• Windows Extensible File Allocation
• Windows File Server
• Windows GDI
• Windows GDI+
• Windows Kerberos
• Windows Kernel
• Windows MapUrlToZone
• Windows Mobile Broadband
• Windows NTFS
• Windows Performance Counters
• Windows Print Spooler Components
• Windows Projected File System
• Windows Resilient File System (ReFS)
• Windows Routing and Remote Access Service (RRAS)
• Windows SMB Server
• Windows Shell Link Processing
• Windows System Image Manager
• Windows Telephony Service
• Windows Universal Disk Format File System Driver (UDFS)
• Windows Win32K
• Winlogon

For more information, please visit our blog.