Microsoft’s March Security Update Fixes 83 Vulnerabilities Including Two Zero-Day Exploits
Microsoft has released its monthly security update for March, addressing a total of 83 vulnerabilities across its software ecosystem. While this represents a smaller volume compared to February’s extensive security release, the update includes two significant zero-day vulnerabilities that had been publicly disclosed prior to the patch release.
The vulnerabilities addressed in this update span multiple categories. Elevation-of-privilege flaws make up the majority with 46, followed by 18 remote-code-execution vulnerabilities, 10 information disclosure issues, four denial of service problems, four spoofing vulnerabilities, and two security feature bypass flaws. Among these, three vulnerabilities have been classified as critical severity – two involving remote code execution and one concerning information disclosure.
Microsoft follows a predictable schedule for these security releases, typically deploying updates at 10 AM Pacific Time on the second Tuesday of each month, commonly known as Patch Tuesday.
Zero-Day Vulnerabilities Under the Spotlight
Zero-day vulnerabilities are particularly concerning because they have either been actively exploited by malicious actors or made public before developers could create and distribute fixes. In this March release, Microsoft has addressed two such zero-day vulnerabilities, though the company has not indicated evidence of active exploitation in either case.
The first vulnerability, designated CVE-2026-21262, affects SQL Server and is an elevation of privilege flaw. It could allow an authorized attacker to gain SQLAdmin privileges through network access. Security researcher Erland Sommarskog is credited with identifying this vulnerability.
The second zero-day, catalogued as CVE-2026-26127, is a denial of service vulnerability within the .NET framework. This flaw was discovered by an anonymous security researcher who reported it to Microsoft.
Beyond these zero-day fixes, the March security update addresses additional critical issues within Microsoft’s office productivity suite. The update includes patches for remote code execution vulnerabilities affecting Microsoft Office generally, along with several specific fixes for security flaws found in Microsoft Excel. Users are strongly advised to ensure all Microsoft Office applications receive these latest security updates promptly.