Microsoft March 2026 Patch Tuesday fixes 2 zero-days, 79 flaws

| Tag | CVE ID | CVE Title | Severity |
| --- | --- | --- | --- |
| .NET | CVE-2026-26131 | .NET Elevation of Privilege Vulnerability | Important |
| .NET | CVE-2026-26127 | .NET Denial of Service Vulnerability | Important |
| Active Directory Domain Services | CVE-2026-25177 | Active Directory Domain Services Elevation of Privilege Vulnerability | Important |
| ASP.NET Core | CVE-2026-26130 | ASP.NET Core Denial of Service Vulnerability | Important |
| Azure Arc | CVE-2026-26141 | Hybrid Worker Extension (Arc-enabled Windows VMs) Elevation of Privilege Vulnerability | Important |
| Azure Compute Gallery | CVE-2026-23651 | Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability | Critical |
| Azure Compute Gallery | CVE-2026-26124 | Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability | Critical |
| Azure Compute Gallery | CVE-2026-26122 | Microsoft ACI Confidential Containers Information Disclosure Vulnerability | Critical |
| Azure Entra ID | CVE-2026-26148 | Microsoft Azure AD SSH Login extension for Linux Elevation of Privilege Vulnerability | Important |
| Azure IoT Explorer | CVE-2026-26121 | Azure IOT Explorer Spoofing Vulnerability | Important |
| Azure IoT Explorer | CVE-2026-23662 | Azure IoT Explorer Information Disclosure Vulnerability | Important |
| Azure IoT Explorer | CVE-2026-23661 | Azure IoT Explorer Information Disclosure Vulnerability | Important |
| Azure IoT Explorer | CVE-2026-23664 | Azure IoT Explorer Information Disclosure Vulnerability | Important |
| Azure Linux Virtual Machines | CVE-2026-23665 | Linux Azure Diagnostic extension (LAD) Elevation of Privilege Vulnerability | Important |
| Azure MCP Server | CVE-2026-26118 | Azure MCP Server Tools Elevation of Privilege Vulnerability | Important |
| Azure Portal Windows Admin Center | CVE-2026-23660 | Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability | Important |
| Azure Windows Virtual Machine Agent | CVE-2026-26117 | Arc Enabled Servers – Azure Connected Machine Agent Elevation of Privilege Vulnerability | Important |
| Broadcast DVR | CVE-2026-23667 | Broadcast DVR Elevation of Privilege Vulnerability | Important |
| Connected Devices Platform Service (Cdpsvc) | CVE-2026-24292 | Windows Connected Devices Platform Service Elevation of Privilege Vulnerability | Important |
| GitHub Repo: zero-shot-scfoundation | CVE-2026-23654 | GitHub: Zero Shot SCFoundation Remote Code Execution Vulnerability | Important |
| Mariner | CVE-2026-23235 | f2fs: fix out-of-bounds access in sysfs attribute read/write | Important |
| Mariner | CVE-2026-23234 | f2fs: fix to avoid UAF in f2fs_write_end_io() | Important |
| Mariner | CVE-2026-3713 | pnggroup libpng pnm2png pnm2png.c do_pnm2png heap-based overflow | Moderate |
| Mariner | CVE-2026-23237 | platform/x86: classmate-laptop: Add missing NULL pointer checks | Moderate |
| Mariner | CVE-2026-26017 | CoreDNS ACL Bypass | Important |
| Mariner | CVE-2026-26018 | CoreDNS Loop Detection Denial of Service Vulnerability | Important |
| Mariner | CVE-2026-2297 | SourcelessFileLoader does not use io.open_code() | Moderate |
| Mariner | CVE-2026-0038 | In multiple functions of mem_protect.c, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | Important |
| Mariner | CVE-2026-27601 | Underscore.js has unlimited recursion in _.flatten and _.isEqual, potential for DoS attack | Important |
| Mariner | CVE-2026-23236 | fbdev: smscufx: properly copy ioctl memory to kernelspace | Moderate |
| Mariner | CVE-2026-23865 | An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2. | Moderate |
| Mariner | CVE-2025-71238 | scsi: qla2xxx: Fix bsg_done() causing double free | Moderate |
| Mariner | CVE-2026-3338 | PKCS7_verify Signature Validation Bypass in AWS-LC | Important |
| Mariner | CVE-2026-23231 | netfilter: nf_tables: fix use-after-free in nf_tables_addchain() | Important |
| Mariner | CVE-2026-3381 | Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib | Critical |
| Mariner | CVE-2026-0031 | In multiple functions of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | Important |
| Mariner | CVE-2026-23238 | romfs: check sb_set_blocksize() return value | Moderate |
| Mariner | CVE-2026-3494 | MariaDB Server Audit Plugin Comment Handling Bypass | Moderate |
| Mariner | CVE-2026-3336 | PKCS7_verify Certificate Chain Validation Bypass in AWS-LC | Important |
| Mariner | CVE-2026-0032 | In multiple functions of mem_protect.c, there is a possible out-of-bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | Important |
| Microsoft Authenticator | CVE-2026-26123 | Microsoft Authenticator Information Disclosure Vulnerability | Important |
| Microsoft Brokering File System | CVE-2026-25167 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important |
| Microsoft Devices Pricing Program | CVE-2026-21536 | Microsoft Devices Pricing Program Remote Code Execution Vulnerability | Critical |
| Microsoft Edge (Chromium-based) | CVE-2026-3544 | Chromium: CVE-2026-3544 Heap buffer overflow in WebCodecs | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2026-3540 | Chromium: CVE-2026-3540 Inappropriate implementation in WebAudio | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2026-3536 | Chromium: CVE-2026-3536 Integer overflow in ANGLE | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2026-3538 | Chromium: CVE-2026-3538 Integer overflow in Skia | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2026-3545 | Chromium: CVE-2026-3545 Insufficient data validation in Navigation | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2026-3541 | Chromium: CVE-2026-3541 Inappropriate implementation in CSS | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2026-3543 | Chromium: CVE-2026-3543 Inappropriate implementation in V8 | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2026-3539 | Chromium: CVE-2026-3539 Object lifecycle issue in DevTools | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2026-3542 | Chromium: CVE-2026-3542 Inappropriate implementation in WebAssembly | Unknown |
| Microsoft Graphics Component | CVE-2026-25169 | Windows Graphics Component Denial of Service Vulnerability | Important |
| Microsoft Graphics Component | CVE-2026-25180 | Windows Graphics Component Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2026-25168 | Windows Graphics Component Denial of Service Vulnerability | Important |
| Microsoft Graphics Component | CVE-2026-23668 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Office | CVE-2026-26110 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2026-26113 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2026-26134 | Microsoft Office Elevation of Privilege Vulnerability | Important |
| Microsoft Office Excel | CVE-2026-26144 | Microsoft Excel Information Disclosure Vulnerability | Critical |
| Microsoft Office Excel | CVE-2026-26109 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2026-26108 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2026-26107 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2026-26112 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2026-26105 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2026-26114 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2026-26106 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Semantic Kernel Python SDK | CVE-2026-26030 | GitHub: CVE-2026-26030 Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable | Important |
| Payment Orchestrator Service | CVE-2026-26125 | Payment Orchestrator Service Elevation of Privilege Vulnerability | Critical |
| Push Message Routing Service | CVE-2026-24282 | Push message Routing Service Elevation of Privilege Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2026-25170 | Windows Hyper-V Elevation of Privilege Vulnerability | Important |
| SQL Server | CVE-2026-21262 | SQL Server Elevation of Privilege Vulnerability | Important |
| SQL Server | CVE-2026-26116 | SQL Server Elevation of Privilege Vulnerability | Important |
| SQL Server | CVE-2026-26115 | SQL Server Elevation of Privilege Vulnerability | Important |
| System Center Operations Manager | CVE-2026-20967 | System Center Operations Manager (SCOM) Elevation of Privilege Vulnerability | Important |
| Windows Accessibility Infrastructure (ATBroker.exe) | CVE-2026-25186 | Windows Accessibility Infrastructure (ATBroker.exe) Information Disclosure Vulnerability | Important |
| Windows Accessibility Infrastructure (ATBroker.exe) | CVE-2026-24291 | Windows Accessibility Infrastructure (ATBroker.exe) Elevation of Privilege Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2026-25179 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2026-24293 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2026-25176 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2026-25178 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows App Installer | CVE-2026-23656 | Windows App Installer Spoofing Vulnerability | Important |
| Windows Authentication Methods | CVE-2026-25171 | Windows Authentication Elevation of Privilege Vulnerability | Important |
| Windows Bluetooth RFCOM Protocol Driver | CVE-2026-23671 | Windows Bluetooth RFCOM Protocol Driver Elevation of Privilege Vulnerability | Important |
| Windows Device Association Service | CVE-2026-24296 | Windows Device Association Service Elevation of Privilege Vulnerability | Important |
| Windows Device Association Service | CVE-2026-24295 | Windows Device Association Service Elevation of Privilege Vulnerability | Important |
| Windows DWM Core Library | CVE-2026-25189 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important |
| Windows Extensible File Allocation | CVE-2026-25174 | Windows Extensible File Allocation Table Elevation of Privilege Vulnerability | Important |
| Windows File Server | CVE-2026-24283 | Multiple UNC Provider Kernel Driver Elevation of Privilege Vulnerability | Important |
| Windows GDI | CVE-2026-25190 | GDI Remote Code Execution Vulnerability | Important |
| Windows GDI+ | CVE-2026-25181 | GDI+ Information Disclosure Vulnerability | Important |
| Windows Kerberos | CVE-2026-24297 | Windows Kerberos Security Feature Bypass Vulnerability | Important |
| Windows Kernel | CVE-2026-26132 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2026-24289 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2026-24287 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows MapUrlToZone | CVE-2026-23674 | MapUrlToZone Security Feature Bypass Vulnerability | Important |
| Windows Mobile Broadband | CVE-2026-24288 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
| Windows NTFS | CVE-2026-25175 | Windows NTFS Elevation of Privilege Vulnerability | Important |
| Windows Performance Counters | CVE-2026-25165 | Performance Counters for Windows Elevation of Privilege Vulnerability | Important |
| Windows Print Spooler Components | CVE-2026-23669 | Windows Print Spooler Remote Code Execution Vulnerability | Important |
| Windows Projected File System | CVE-2026-24290 | Windows Projected File System Elevation of Privilege Vulnerability | Important |
| Windows Resilient File System (ReFS) | CVE-2026-23673 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2026-26111 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2026-25173 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2026-25172 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Shell Link Processing | CVE-2026-25185 | Windows Shell Link Processing Spoofing Vulnerability | Important |
| Windows SMB Server | CVE-2026-26128 | Windows SMB Server Elevation of Privilege Vulnerability | Important |
| Windows SMB Server | CVE-2026-24294 | Windows SMB Server Elevation of Privilege Vulnerability | Important |
| Windows System Image Manager | CVE-2026-25166 | Windows System Image Manager Assessment and Deployment Kit (ADK) Remote Code Execution Vulnerability | Important |
| Windows Telephony Service | CVE-2026-25188 | Windows Telephony Service Elevation of Privilege Vulnerability | Important |
| Windows Universal Disk Format File System Driver (UDFS) | CVE-2026-23672 | Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability | Important |
| Windows Win32K | CVE-2026-24285 | Win32k Elevation of Privilege Vulnerability | Important |
| Winlogon | CVE-2026-25187 | Winlogon Elevation of Privilege Vulnerability | Important |
