Microsoft March 2026 Patch Tuesday fixes 2 zero-days, 79 flaws

March 10, 2026

Tag CVE ID CVE Title Severity .NET CVE-2026-26131 .NET Elevation of Privilege Vulnerability Necessary .NET CVE-2026-26127 .NET Denial of Service Vulnerability Necessary Lively Listing Area Companies CVE-2026-25177 Lively Listing Area Companies Elevation of Privilege Vulnerability Necessary ASP.NET Core CVE-2026-26130 ASP.NET Core Denial of Service Vulnerability Necessary Azure Arc CVE-2026-26141 Hybrid Employee Extension (Arc-enabled Home windows VMs) Elevation of Privilege Vulnerability Necessary Azure Compute Gallery CVE-2026-23651 Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability Essential Azure Compute Gallery CVE-2026-26124 Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability Essential Azure Compute Gallery CVE-2026-26122 Microsoft ACI Confidential Containers Info Disclosure Vulnerability Essential Azure Entra ID CVE-2026-26148 Microsoft Azure AD SSH Login extension for Linux Elevation of Privilege Vulnerability Necessary Azure IoT Explorer CVE-2026-26121 Azure IOT Explorer Spoofing Vulnerability Necessary Azure IoT Explorer CVE-2026-23662 Azure IoT Explorer Info Disclosure Vulnerability Necessary Azure IoT Explorer CVE-2026-23661 Azure IoT Explorer Info Disclosure Vulnerability Necessary Azure IoT Explorer CVE-2026-23664 Azure IoT Explorer Info Disclosure Vulnerability Necessary Azure Linux Digital Machines CVE-2026-23665 Linux Azure Diagnostic extension (LAD) Elevation of Privilege Vulnerability Necessary Azure MCP Server CVE-2026-26118 Azure MCP Server Instruments Elevation of Privilege Vulnerability Necessary Azure Portal Home windows Admin Heart CVE-2026-23660 Home windows Admin Heart in Azure Portal Elevation of Privilege Vulnerability Necessary Azure Home windows Digital Machine Agent CVE-2026-26117 Arc Enabled Servers – Azure Related Machine Agent Elevation of Privilege Vulnerability Necessary Broadcast DVR CVE-2026-23667 Broadcast DVR Elevation of Privilege Vulnerability Necessary Related Gadgets Platform Service (Cdpsvc) CVE-2026-24292 Home windows Related Gadgets Platform Service Elevation of Privilege Vulnerability Necessary GitHub Repo: zero-shot-scfoundation CVE-2026-23654 GitHub: Zero Shot SCFoundation Distant Code Execution Vulnerability Necessary Mariner CVE-2026-23235 f2fs: repair out-of-bounds entry in sysfs attribute learn/write Necessary Mariner CVE-2026-23234 f2fs: repair to keep away from UAF in f2fs_write_end_io() Necessary Mariner CVE-2026-3713 pnggroup libpng pnm2png pnm2png.c do_pnm2png heap-based overflow Average Mariner CVE-2026-23237 platform/x86: classmate-laptop: Add lacking NULL pointer checks Average Mariner CVE-2026-26017 CoreDNS ACL Bypass Necessary Mariner CVE-2026-26018 CoreDNS Loop Detection Denial of Service Vulnerability Necessary Mariner CVE-2026-2297 SourcelessFileLoader doesn’t use io.open_code() Average Mariner CVE-2026-0038 In a number of features of mem_protect.c, there’s a doable solution to execute arbitrary code because of a logic error within the code. This might result in native escalation of privilege with no extra execution privileges wanted. Person interplay isn’t wanted for exploitation. Necessary Mariner CVE-2026-27601 Underscore.js has limitless recursion in _.flatten and _.isEqual, potential for DoS assault Necessary Mariner CVE-2026-23236 fbdev: smscufx: correctly copy ioctl reminiscence to kernelspace Average Mariner CVE-2026-23865 An integer overflow within the tt_var_load_item_variation_store perform of the Freetype library in variations 2.13.2 and a pair of.13.3 might enable for an out of bounds learn operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This situation is mounted in model 2.14.2. Average Mariner CVE-2025-71238 scsi: qla2xxx: Repair bsg_done() inflicting double free Average Mariner CVE-2026-3338 PKCS7_verify Signature Validation Bypass in AWS-LC Necessary Mariner CVE-2026-23231 netfilter: nf_tables: repair use-after-free in nf_tables_addchain() Necessary Mariner CVE-2026-3381 Compress::Uncooked::Zlib variations by means of 2.219 for Perl use probably insecure variations of zlib Essential Mariner CVE-2026-0031 In a number of features of mem_protect.c, there’s a doable out of bounds write because of an integer overflow. This might result in native escalation of privilege with no extra execution privileges wanted. Person interplay isn’t wanted for exploitation. Necessary Mariner CVE-2026-23238 romfs: examine sb_set_blocksize() return worth Average Mariner CVE-2026-3494 MariaDB Server Audit Plugin Remark Dealing with Bypass Average Mariner CVE-2026-3336 PKCS7_verify Certificates Chain Validation Bypass in AWS-LC Necessary Mariner CVE-2026-0032 In a number of features of mem_protect.c, there’s a doable out-of-bounds write because of a logic error within the code. This might result in native escalation of privilege with no extra execution privileges wanted. Person interplay isn’t wanted for exploitation. Necessary Microsoft Authenticator CVE-2026-26123 Microsoft Authenticator Info Disclosure Vulnerability Necessary Microsoft Brokering File System CVE-2026-25167 Microsoft Brokering File System Elevation of Privilege Vulnerability Necessary Microsoft Gadgets Pricing Program CVE-2026-21536 Microsoft Gadgets Pricing Program Distant Code Execution Vulnerability Essential Microsoft Edge (Chromium-based) CVE-2026-3544 Chromium: CVE-2026-3544 Heap buffer overflow in WebCodecs Unknown Microsoft Edge (Chromium-based) CVE-2026-3540 Chromium: CVE-2026-3540 Inappropriate implementation in WebAudio Unknown Microsoft Edge (Chromium-based) CVE-2026-3536 Chromium: CVE-2026-3536 Integer overflow in ANGLE Unknown Microsoft Edge (Chromium-based) CVE-2026-3538 Chromium: CVE-2026-3538 Integer overflow in Skia Unknown Microsoft Edge (Chromium-based) CVE-2026-3545 Chromium: CVE-2026-3545 Inadequate information validation in Navigation Unknown Microsoft Edge (Chromium-based) CVE-2026-3541 Chromium: CVE-2026-3541 Inappropriate implementation in CSS Unknown Microsoft Edge (Chromium-based) CVE-2026-3543 Chromium: CVE-2026-3543 Inappropriate implementation in V8 Unknown Microsoft Edge (Chromium-based) CVE-2026-3539 Chromium: CVE-2026-3539 Object lifecycle situation in DevTools Unknown Microsoft Edge (Chromium-based) CVE-2026-3542 Chromium: CVE-2026-3542 Inappropriate implementation in WebAssembly Unknown Microsoft Graphics Part CVE-2026-25169 Home windows Graphics Part Denial of Service Vulnerability Necessary Microsoft Graphics Part CVE-2026-25180 Home windows Graphics Part Info Disclosure Vulnerability Necessary Microsoft Graphics Part CVE-2026-25168 Home windows Graphics Part Denial of Service Vulnerability Necessary Microsoft Graphics Part CVE-2026-23668 Home windows Graphics Part Elevation of Privilege Vulnerability Necessary Microsoft Workplace CVE-2026-26110 Microsoft Workplace Distant Code Execution Vulnerability Essential Microsoft Workplace CVE-2026-26113 Microsoft Workplace Distant Code Execution Vulnerability Essential Microsoft Workplace CVE-2026-26134 Microsoft Workplace Elevation of Privilege Vulnerability Necessary Microsoft Workplace Excel CVE-2026-26144 Microsoft Excel Info Disclosure Vulnerability Essential Microsoft Workplace Excel CVE-2026-26109 Microsoft Excel Distant Code Execution Vulnerability Necessary Microsoft Workplace Excel CVE-2026-26108 Microsoft Excel Distant Code Execution Vulnerability Necessary Microsoft Workplace Excel CVE-2026-26107 Microsoft Excel Distant Code Execution Vulnerability Necessary Microsoft Workplace Excel CVE-2026-26112 Microsoft Excel Distant Code Execution Vulnerability Necessary Microsoft Workplace SharePoint CVE-2026-26105 Microsoft SharePoint Server Spoofing Vulnerability Necessary Microsoft Workplace SharePoint CVE-2026-26114 Microsoft SharePoint Server Distant Code Execution Vulnerability Necessary Microsoft Workplace SharePoint CVE-2026-26106 Microsoft SharePoint Server Distant Code Execution Vulnerability Necessary Microsoft Semantic Kernel Python SDK CVE-2026-26030 GitHub: CVE-2026-26030 Microsoft Semantic Kernel InMemoryVectorStore filter performance susceptible Necessary Cost Orchestrator Service CVE-2026-26125 Cost Orchestrator Service Elevation of Privilege Vulnerability Essential Push Message Routing Service CVE-2026-24282 Push message Routing Service Elevation of Privilege Vulnerability Necessary Position: Home windows Hyper-V CVE-2026-25170 Home windows Hyper-V Elevation of Privilege Vulnerability Necessary SQL Server CVE-2026-21262 SQL Server Elevation of Privilege Vulnerability Necessary SQL Server CVE-2026-26116 SQL Server Elevation of Privilege Vulnerability Necessary SQL Server CVE-2026-26115 SQL Server Elevation of Privilege Vulnerability Necessary System Heart Operations Supervisor CVE-2026-20967 System Heart Operations Supervisor (SCOM) Elevation of Privilege Vulnerability Necessary Home windows Accessibility Infrastructure (ATBroker.exe) CVE-2026-25186 Home windows Accessibility Infrastructure (ATBroker.exe) Info Disclosure Vulnerability Necessary Home windows Accessibility Infrastructure (ATBroker.exe) CVE-2026-24291 Home windows Accessibility Infrastructure (ATBroker.exe) Elevation of Privilege Vulnerability Necessary Home windows Ancillary Perform Driver for WinSock CVE-2026-25179 Home windows Ancillary Perform Driver for WinSock Elevation of Privilege Vulnerability Necessary Home windows Ancillary Perform Driver for WinSock CVE-2026-24293 Home windows Ancillary Perform Driver for WinSock Elevation of Privilege Vulnerability Necessary Home windows Ancillary Perform Driver for WinSock CVE-2026-25176 Home windows Ancillary Perform Driver for WinSock Elevation of Privilege Vulnerability Necessary Home windows Ancillary Perform Driver for WinSock CVE-2026-25178 Home windows Ancillary Perform Driver for WinSock Elevation of Privilege Vulnerability Necessary Home windows App Installer CVE-2026-23656 Home windows App Installer Spoofing Vulnerability Necessary Home windows Authentication Strategies CVE-2026-25171 Home windows Authentication Elevation of Privilege Vulnerability Necessary Home windows Bluetooth RFCOM Protocol Driver CVE-2026-23671 Home windows Bluetooth RFCOM Protocol Driver Elevation of Privilege Vulnerability Necessary Home windows Gadget Affiliation Service CVE-2026-24296 Home windows Gadget Affiliation Service Elevation of Privilege Vulnerability Necessary Home windows Gadget Affiliation Service CVE-2026-24295 Home windows Gadget Affiliation Service Elevation of Privilege Vulnerability Necessary Home windows DWM Core Library CVE-2026-25189 Home windows DWM Core Library Elevation of Privilege Vulnerability Necessary Home windows Extensible File Allocation CVE-2026-25174 Home windows Extensible File Allocation Desk Elevation of Privilege Vulnerability Necessary Home windows File Server CVE-2026-24283 A number of UNC Supplier Kernel Driver Elevation of Privilege Vulnerability Necessary Home windows GDI CVE-2026-25190 GDI Distant Code Execution Vulnerability Necessary Home windows GDI+ CVE-2026-25181 GDI+ Info Disclosure Vulnerability Necessary Home windows Kerberos CVE-2026-24297 Home windows Kerberos Safety Function Bypass Vulnerability Necessary Home windows Kernel CVE-2026-26132 Home windows Kernel Elevation of Privilege Vulnerability Necessary Home windows Kernel CVE-2026-24289 Home windows Kernel Elevation of Privilege Vulnerability Necessary Home windows Kernel CVE-2026-24287 Home windows Kernel Elevation of Privilege Vulnerability Necessary Home windows MapUrlToZone CVE-2026-23674 MapUrlToZone Safety Function Bypass Vulnerability Necessary Home windows Cellular Broadband CVE-2026-24288 Home windows Cellular Broadband Driver Distant Code Execution Vulnerability Necessary Home windows NTFS CVE-2026-25175 Home windows NTFS Elevation of Privilege Vulnerability Necessary Home windows Efficiency Counters CVE-2026-25165 Efficiency Counters for Home windows Elevation of Privilege Vulnerability Necessary Home windows Print Spooler Elements CVE-2026-23669 Home windows Print Spooler Distant Code Execution Vulnerability Necessary Home windows Projected File System CVE-2026-24290 Home windows Projected File System Elevation of Privilege Vulnerability Necessary Home windows Resilient File System (ReFS) CVE-2026-23673 Home windows Resilient File System (ReFS) Elevation of Privilege Vulnerability Necessary Home windows Routing and Distant Entry Service (RRAS) CVE-2026-26111 Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability Necessary Home windows Routing and Distant Entry Service (RRAS) CVE-2026-25173 Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability Necessary Home windows Routing and Distant Entry Service (RRAS) CVE-2026-25172 Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability Necessary Home windows Shell Hyperlink Processing CVE-2026-25185 Home windows Shell Hyperlink Processing Spoofing Vulnerability Necessary Home windows SMB Server CVE-2026-26128 Home windows SMB Server Elevation of Privilege Vulnerability Necessary Home windows SMB Server CVE-2026-24294 Home windows SMB Server Elevation of Privilege Vulnerability Necessary Home windows System Picture Supervisor CVE-2026-25166 Home windows System Picture Supervisor Evaluation and Deployment Package (ADK) Distant Code Execution Vulnerability Necessary Home windows Telephony Service CVE-2026-25188 Home windows Telephony Service Elevation of Privilege Vulnerability Necessary Home windows Common Disk Format File System Driver (UDFS) CVE-2026-23672 Home windows Common Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability Necessary Home windows Win32K CVE-2026-24285 Win32k Elevation of Privilege Vulnerability Necessary Winlogon CVE-2026-25187 Winlogon Elevation of Privilege Vulnerability Necessary

- Advertisment -

Microsoft March 2026 Patch Tuesday fixes 2 zero-days, 79 flaws

March Patch Tuesday: Three excessive severity holes in Microsoft Workplace

The CSO function is evolving quick with AI in Cyber Protection technique

Microsoft releases Home windows 10 KB5078885 prolonged security replace

LEAVE A REPLY Cancel reply

Most Popular

PixieFail flaws affect PXE community boot in enterprise techniques

PixieFail UEFI Flaws Expose Tens of millions of Computer systems to RCE, DoS, and Data Theft

New Marvin assault revives 25-year-old decryption flaw in RSA

1000’s of Juniper gadgets susceptible to unauthenticated RCE flaw

Why Instagram Threads is a hotbed of dangers for companies

Phishing Campaigns Ship New SideTwist Backdoor and Agent Tesla Variant

Prospects warned to cancel bank cards

EDITOR PICKS

The Subsequent Era of RBI (Distant Browser Isolation)

Die 6 größten Cyberbedrohungen im Gesundheitswesen

Cybercriminals Use Eclipse Jarsigner to Deploy XLoader Malware through ZIP Archives

POPULAR News

PixieFail flaws affect PXE community boot in enterprise techniques

PixieFail UEFI Flaws Expose Tens of millions of Computer systems to RCE, DoS, and Data Theft

New Marvin assault revives 25-year-old decryption flaw in RSA

POPULAR TAGS

POPULAR Tags

POPULAR Tags

ABOUT US

FOLLOW US