Fortra's March 2026 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Google.
Up first on the list are patches for Microsoft Edge (Chromium-based) that resolve buffer overflow, integer overflow, inappropriate implementation, and insufficient data validation vulnerabilities.
Next on the list are patches for Microsoft Office and Excel. These patches resolve 8 issues including elevation of privilege, remote code execution, and information disclosure vulnerabilities.
Up next are patches that affect components of the core Windows operating system. These patches resolve over 50 vulnerabilities, including elevation of privilege, information disclosure, denial of service, and remote code execution vulnerabilities. These vulnerabilities affect Kernel, GDI, Graphics Component, Device Association Service, RRAS, DWM Core, and various others.
Next are patches that address .NET and ASP.Net Core, including 2 denial of service and 1 elevation of privilege vulnerabilities.
Lastly, administrators should focus on server-side patches for Hyper-V, SMB Server, Active Directory, SharePoint, and SQL Server. These patches resolve 11 issues including remote code execution, elevation of privilege, and spoofing vulnerabilities.
| BULLETIN | CVE |
|---|---|
| Microsoft Edge (Chromium-based) | CVE-2026-3536, CVE-2026-3538, CVE-2026-3539, CVE-2026-3540, CVE-2026-3541, CVE-2026-3542, CVE-2026-3543, CVE-2026-3544, CVE-2026-3545 |
| Microsoft Office Excel | CVE-2026-26144, CVE-2026-26107, CVE-2026-26112, CVE-2026-26109, CVE-2026-26108 |
| Microsoft Office | CVE-2026-26134, CVE-2026-26110, CVE-2026-26113 |
| Windows | CVE-2026-25188, CVE-2026-26125, CVE-2026-25181, CVE-2026-23654, CVE-2026-23673, CVE-2026-25167, CVE-2026-24290, CVE-2026-25176, CVE-2026-25179, CVE-2026-25178, CVE-2026-24293, CVE-2026-24288, CVE-2026-25185, CVE-2026-25165, CVE-2026-24283, CVE-2026-23674, CVE-2026-24295, CVE-2026-24296, CVE-2026-25168, CVE-2026-25169, CVE-2026-23668, CVE-2026-25180, CVE-2026-26030, CVE-2026-23667, CVE-2026-25166, CVE-2026-26121, CVE-2026-23664, CVE-2026-23661, CVE-2026-23662, CVE-2026-25189, CVE-2026-24291, CVE-2026-25186, CVE-2026-24292, CVE-2026-25171, CVE-2026-26111, CVE-2026-25173, CVE-2026-25172, CVE-2026-24297, CVE-2026-25174, CVE-2026-24285, CVE-2026-23671, CVE-2026-23669, CVE-2026-25187, CVE-2026-26132, CVE-2026-24289, CVE-2026-24287, CVE-2026-23672, CVE-2026-21536, CVE-2026-25190, CVE-2026-25175, CVE-2026-24282, CVE-2026-26123, CVE-2026-23656 |
| .NET | CVE-2026-26127, CVE-2026-26131 |
| ASP.NET Core | CVE-2026-25170 |
| Windows SMB Server | CVE-2026-26128, CVE-2026-24294 |
| System Center Operations Manager | CVE-2026-20967 |
| Active Directory Domain Services | CVE-2026-25177 |
| Microsoft Office SharePoint | CVE-2026-26106, CVE-2026-26114, CVE-2026-26105 |
| SQL Server | CVE-2026-26115, CVE-2026-26116, CVE-2026-21262 |
Cybercrime Intelligence Shouldn't Be Siloed
Fortra® experts are dedicated to protecting organizations and the public by delivering the latest insights, data, and defenses to strengthen security against emerging cyber threats.
