Today’s Patch Tuesday Alert addresses Microsoft’s March 2026 Security Updates. The FIRE team is actively working on coverage for these vulnerabilities and expect to ship that coverage as soon as it is completed.
In-The-Wild & Disclosed CVEs
A vulnerability in SQL Server could allow an authenticated attacker to elevate their permissions to sysadmin. This impacts both traditional SQL Server installations and Azure-Based (IaaS) SQL Server instances. Microsoft has reported this vulnerability as Exploitation Less Likely.
A vulnerability in .NET could allow an unauthenticated attacker to perform a remote denial of service. Both .NET 9.0 and 10.0 are impacted on Windows, Linux, and macOS. Microsoft has reported this vulnerability as Exploitation Unlikely.
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis. Vulnerabilities are also color coded to aid with identifying key issues.
- Traditional Software
- Mobile Software
- Cloud or Cloud Adjacent
- Vulnerabilities that are being exploited or that have been disclosed will be highlighted
| Tag | CVE Count | CVEs |
| SQL Server | 3 | CVE-2026-21262, CVE-2026-26115, CVE-2026-26116 |
| Azure Portal Windows Admin Center | 1 | CVE-2026-23660 |
| Azure IoT Explorer | 4 | CVE-2026-23664, CVE-2026-26121, CVE-2026-23661, CVE-2026-23662 |
| Broadcast DVR | 1 | CVE-2026-23667 |
| Microsoft Graphics Component | 4 | CVE-2026-23668, CVE-2026-25168, CVE-2026-25169, CVE-2026-25180 |
| Windows Print Spooler Components | 1 | CVE-2026-23669 |
| Windows Bluetooth RFCOM Protocol Driver | 1 | CVE-2026-23671 |
| Windows Universal Disk Format File System Driver (UDFS) | 1 | CVE-2026-23672 |
| Windows Resilient File System (ReFS) | 1 | CVE-2026-23673 |
| Push Message Routing Service | 1 | CVE-2026-24282 |
| Windows File Server | 1 | CVE-2026-24283 |
| Windows Win32K | 1 | CVE-2026-24285 |
| Windows Kernel | 3 | CVE-2026-24287, CVE-2026-24289, CVE-2026-26132 |
| Windows Mobile Broadband | 1 | CVE-2026-24288 |
| Windows Projected File System | 1 | CVE-2026-24290 |
| Windows Accessibility Infrastructure (ATBroker.exe) | 2 | CVE-2026-24291, CVE-2026-25186 |
| Connected Devices Platform Service (Cdpsvc) | 1 | CVE-2026-24292 |
| Windows Ancillary Function Driver for WinSock | 4 | CVE-2026-24293, CVE-2026-25176, CVE-2026-25178, CVE-2026-25179 |
| Windows SMB Server | 2 | CVE-2026-24294, CVE-2026-26128 |
| Windows Device Association Service | 2 | CVE-2026-24295, CVE-2026-24296 |
| Windows Kerberos | 1 | CVE-2026-24297 |
| Windows Performance Counters | 1 | CVE-2026-25165 |
| Windows System Image Manager | 1 | CVE-2026-25166 |
| Microsoft Brokering File System | 1 | CVE-2026-25167 |
| Role: Windows Hyper-V | 1 | CVE-2026-25170 |
| Windows Authentication Methods | 1 | CVE-2026-25171 |
| Windows Routing and Remote Access Service (RRAS) | 3 | CVE-2026-25172, CVE-2026-25173, CVE-2026-26111 |
| Windows Extensible File Allocation | 1 | CVE-2026-25174 |
| Windows NTFS | 1 | CVE-2026-25175 |
| Active Directory Domain Services | 1 | CVE-2026-25177 |
| Windows GDI+ | 1 | CVE-2026-25181 |
| Windows Shell Link Processing | 1 | CVE-2026-25185 |
| Winlogon | 1 | CVE-2026-25187 |
| Windows Telephony Service | 1 | CVE-2026-25188 |
| Windows DWM Core Library | 1 | CVE-2026-25189 |
| Windows GDI | 1 | CVE-2026-25190 |
| Microsoft Office SharePoint | 3 | CVE-2026-26105, CVE-2026-26114, CVE-2026-26106 |
| Microsoft Office Excel | 5 | CVE-2026-26112, CVE-2026-26107, CVE-2026-26108, CVE-2026-26109, CVE-2026-26144 |
| Microsoft Office | 3 | CVE-2026-26113, CVE-2026-26134, CVE-2026-26110 |
| Windows App Installer | 1 | CVE-2026-23656 |
| System Center Operations Manager | 1 | CVE-2026-20967 |
| .NET | 2 | CVE-2026-26131, CVE-2026-26127 |
| Windows MapUrlToZone | 1 | CVE-2026-23674 |
| Azure Compute Gallery | 3 | CVE-2026-23651, CVE-2026-26124, CVE-2026-26122 |
| Microsoft Devices Pricing Program | 1 | CVE-2026-21536 |
| Payment Orchestrator Service | 1 | CVE-2026-26125 |
| Microsoft Edge (Chromium-based) | 9 | CVE-2026-3545, CVE-2026-3544, CVE-2026-3542, CVE-2026-3540, CVE-2026-3536, CVE-2026-3538, CVE-2026-3543, CVE-2026-3541, CVE-2026-3539 |
| Azure Entra ID | 1 | CVE-2026-26148 |
| GitHub Repo: zero-shot-scfoundation | 1 | CVE-2026-23654 |
| Azure Linux Virtual Machines | 1 | CVE-2026-23665 |
| Azure Windows Virtual Machine Agent | 1 | CVE-2026-26117 |
| Azure MCP Server | 1 | CVE-2026-26118 |
| Microsoft Authenticator | 1 | CVE-2026-26123 |
| ASP.NET Core | 1 | CVE-2026-26130 |
| Azure Arc | 1 | CVE-2026-26141 |
| Microsoft Semantic Kernel Python SDK | 1 | CVE-2026-26030 |
| Mariner | 20 | CVE-2026-23234, CVE-2026-23235, CVE-2026-23237, CVE-2026-23238, CVE-2026-3336, CVE-2026-0038, CVE-2026-27601, CVE-2026-2297, CVE-2026-26017, CVE-2026-26018, CVE-2026-23865, CVE-2026-23236, CVE-2025-71238, CVE-2026-23231, CVE-2026-3338, CVE-2026-3381, CVE-2026-0032, CVE-2026-0031, CVE-2026-3494, CVE-2026-3713 |
Other Information
At the time of publication, there were no new advisories included with the March Security Guidance.
