Webinar Library
Welcome to my March 2026 Patch Tuesday newsletter. It's a fairly average month from Microsoft. Today, MS released 78 updates and another 8 since last month's Patch Tuesday. So in total we have 86 updates in the chart below. This month we have only 2 zero-days to tell you about. Both are public but currently no exploitation has been detected.
Publicly Disclosed but no exploitation currently detected
Besides these we have 10 "Critical" rated CVE's being pushed out for the month. You will want to peruse the chart below to see if your environment contains any of the affected applications and the vulnerable versions. I want to invite you to a couple of webinars I'm hosting this month. Both subjects are below. Just click on the title to register. You won't want to miss these.
Happy patching!
Patch data provided by:
Technology
Products Affected
Severity
Reference
Workaround/ Exploited / Publicly Disclosed
Vulnerability Info
Windows
Windows 10, 11
Server 2012, 2012 R2, 2016, 2019, 2022, 2025 including Server Core Installations Windows App Client for Windows Desktop Windows Admin Center
Important
CVE-2026-23656 CVE-2026-23667 CVE-2026-23668 CVE-2026-23669 CVE-2026-23671 CVE-2026-23672 CVE-2026-23673 CVE-2026-23674 CVE-2026-24282 CVE-2026-24283 CVE-2026-24285 CVE-2026-24287 CVE-2026-24288 CVE-2026-24289 CVE-2026-24290 CVE-2026-24291 CVE-2026-24292 CVE-2026-24293 CVE-2026-24294 CVE-2026-24295 CVE-2026-24296 CVE-2026-24297 CVE-2026-25165 CVE-2026-25166 CVE-2026-25167 CVE-2026-25168 CVE-2026-25169 CVE-2026-25170 CVE-2026-25171 CVE-2026-25172 CVE-2026-25173 CVE-2026-25174 CVE-2026-25175 CVE-2026-25176 CVE-2026-25177 CVE-2026-25178 CVE-2026-25179 CVE-2026-25180 CVE-2026-25181 CVE-2026-25185 CVE-2026-25186 CVE-2026-25187 CVE-2026-25188 CVE-2026-25189 CVE-2026-25190 CVE-2026-26111 CVE-2026-26119 CVE-2026-26128 CVE-2026-26132
Denial of Service Elevation of Privilege Information Disclosure Remote Code Execution Security Feature Bypass Spoofing
Edge
Edge (Chromium-based)
Low
CVE-2026-0102
Workaround: No Exploited: No Public: No
Office
365 Apps for Enterprise Excel 2016 Office 2016, 2019 LTSC 2021, 2024 including for Mac Teams Office for Android Office Online Server
Critical
CVE-2026-21535 CVE-2026-24285 CVE-2026-25180 CVE-2026-26107 CVE-2026-26108 CVE-2026-26109 CVE-2026-26110 CVE-2026-26112 CVE-2026-26113 CVE-2026-26134 CVE-2026-26144
Elevation of Privilege Information Disclosure Remote Code Execution
SharePoint
Enterprise Server 2016 Server 2019 Server Subscription Edition
CVE-2026-26105 CVE-2026-26106 CVE-2026-26113 CVE-2026-26114
Azure
Arc Enabled Servers - Azure Connected Machine Agent Automation Hybrid Worker Windows Extension IoT Explorer Linux Virtual Machines with Azure Diagnostics extension MCP Server Tools ACI Confidential Containers AD SSH Login Extension for Linux Windows Admin Center in Azure Portal
CVE-2026-23651 CVE-2026-23660 CVE-2026-23661 CVE-2026-23662 CVE-2026-23664 CVE-2026-23665 CVE-2026-26117 CVE-2026-26118 CVE-2026-26121 CVE-2026-26122 CVE-2026-26124 CVE-2026-26141 CVE-2026-26148
Developer Tools
.NET 10 and 9 installed on Linux, MacOS and Windows ASP.NET Core 10.0, 9.0, 8.0 Microsoft.Bcl.Memory 10.0, 9.0
CVE-2026-26127** CVE-2026-26130 CVE-2026-26131
Workaround: No Exploited: No Public: Yes**
Open Source Software
GitHub Repo: Zero Shot scFoundation
CVE-2026-23654
SQL Server
2016 SP3 GDR and Azure Connect Feature Pack 2017 CU31/GDR 2019 CU32/GDR 2022 CU23/GDR 2025 CU2/GDR
CVE-2026-21262** CVE-2026-26115 CVE-2026-26116
Elevation of Privilege
Device
Devices Pricing Program
CVE-2026-21536
Remote Code Execution
Apps
Authenticator for iOS and Android
CVE-2026-26123
Information Disclosure
System Center
Operations Manager 2019, 2022, 2025
CVE-2026-20967
Other
Payment Orchestrator Service
CVE-2026-26125