{"id":222177,"date":"2026-03-10T20:37:00","date_gmt":"2026-03-11T00:37:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/03\/10\/microsoft-patch-tuesday-march-2026-edition-krebs-on-security\/"},"modified":"2026-03-10T20:40:10","modified_gmt":"2026-03-11T00:40:10","slug":"microsoft-patch-tuesday-march-2026-edition-krebs-on-security","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/03\/10\/microsoft-patch-tuesday-march-2026-edition-krebs-on-security\/","title":{"rendered":"Microsoft Patch Tuesday, March 2026 Edition \u2013 Krebs on Security"},"content":{"rendered":"<p><a href=\"https:\/\/krebsonsecurity.com\/2026\/03\/microsoft-patch-tuesday-march-2026-edition\/\">Microsoft Patch Tuesday, March 2026 Edition \u2013 Krebs on Security<\/a><\/p>\n<p><a href=\"https:\/\/krebsonsecurity.com\/2026\/03\/microsoft-patch-tuesday-march-2026-edition\/\">https:\/\/krebsonsecurity.com\/2026\/03\/microsoft-patch-tuesday-march-2026-edition\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-03-10 20:37:00<\/a><\/p>\n<p>Source Domain: <a href=\"krebsonsecurity.com\">krebsonsecurity.com<\/a><\/p>\n<p><strong>Microsoft Corp.<\/strong> today pushed security updates to fix at least 77 vulnerabilities in its <strong>Windows<\/strong> operating systems and other software. There are no pressing \u201czero-day\u201d flaws this month (compared to February\u2019s five zero-day treat), but as usual some patches may deserve more rapid attention from organizations using Windows. Here are a few highlights from this month\u2019s Patch Tuesday.<\/p>\n<p id=\"caption-attachment-73312\" class=\"wp-caption-text\">Image: Shutterstock, @nwz.<\/p>\n<p>Two of the bugs Microsoft patched today were publicly disclosed previously. CVE-2026-21262 is a weakness that allows an attacker to elevate their privileges on <strong>SQL Server 2016<\/strong> and later editions.<\/p>\n<p>\u201cThis isn\u2019t just any elevation of privilege vulnerability, either; the advisory notes that an authorized attacker can elevate privileges to sysadmin over a network,\u201d Rapid7\u2019s <strong>Adam Barnett<\/strong> said. \u201cThe CVSS v3 base score of 8.8 is just below the threshold for critical severity, since low-level privileges are required. It would be a courageous defender who shrugged and deferred the patches for this one.\u201d<\/p>\n<p>The other publicly disclosed flaw is CVE-2026-26127, a vulnerability in applications running on <strong>.NET<\/strong>. Barnett said the immediate impact of exploitation is likely limited to denial of service by triggering a crash, with the potential for other types of attacks during a service reboot.<\/p>\n<p>It would hardly be a proper Patch Tuesday without at least one critical <strong>Microsoft Office<\/strong> exploit, and this month doesn\u2019t disappoint. CVE-2026-26113 and CVE-2026-26110 are both remote code execution flaws that can be triggered just by viewing a booby-trapped message in the Preview Pane.<span id=\"more-73276\"\/><\/p>\n<p><strong>Satnam Narang<\/strong> at <strong>Tenable<\/strong> notes that just over half (55%) of all Patch Tuesday CVEs this month are privilege escalation bugs, and of those, a half dozen were rated \u201cexploitation more likely\u201d \u2014 across Windows Graphics Component, Windows Accessibility Infrastructure, Windows Kernel, Windows SMB Server and Winlogon. These include:<\/p>\n<p>\u2013CVE-2026-24291: Incorrect permission&#8230;<\/p>\n<p><a href=\"https:\/\/krebsonsecurity.com\/2026\/03\/microsoft-patch-tuesday-march-2026-edition\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft Patch Tuesday, March 2026 Edition \u2013 Krebs on Security https:\/\/krebsonsecurity.com\/2026\/03\/microsoft-patch-tuesday-march-2026-edition\/ Publish Date: 2026-03-10 20:37:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":222178,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/03\/winupdatechecking.png","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[31,27],"class_list":["post-222177","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-exploit","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/222177"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=222177"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/222177\/revisions"}],"predecessor-version":[{"id":222179,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/222177\/revisions\/222179"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/222178"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=222177"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=222177"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=222177"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}