{"id":222315,"date":"2026-03-11T05:15:00","date_gmt":"2026-03-11T09:15:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/03\/11\/microsoft-patches-84-flaws-in-march-patch-tuesday-including-two-public-zero-days\/"},"modified":"2026-03-11T08:25:08","modified_gmt":"2026-03-11T12:25:08","slug":"microsoft-patches-84-flaws-in-march-patch-tuesday-including-two-public-zero-days","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/03\/11\/microsoft-patches-84-flaws-in-march-patch-tuesday-including-two-public-zero-days\/","title":{"rendered":"Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public Zero-Days"},"content":{"rendered":"<p><a href=\"https:\/\/thehackernews.com\/2026\/03\/microsoft-patches-84-flaws-in-march.html\">Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public Zero-Days<\/a><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/03\/microsoft-patches-84-flaws-in-march.html\">https:\/\/thehackernews.com\/2026\/03\/microsoft-patches-84-flaws-in-march.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-03-11 05:15:00<\/a><\/p>\n<p>Source Domain: <a href=\"thehackernews.com\">thehackernews.com<\/a><\/p>\n<p>Microsoft on Tuesday released patches for a set of 84 new security vulnerabilities affecting various software components, including two that have been listed as publicly known.<\/p>\n<p>Of these, eight are rated Critical, and 76 are rated Important in severity. Forty-six of the patched vulnerabilities relate to privilege escalation, followed by 18 remote code execution, 10 information disclosure, four spoofing, four denial-of-service, and two security feature bypass flaws.<\/p>\n<p>The fixes are in addition to 10 vulnerabilities that have been addressed in its Chromium-based Edge browser since the release of the February 2026 Patch Tuesday update.<\/p>\n<p>The two publicly disclosed zero-days are CVE-2026-26127 (CVSS score: 7.5), a denial-of-service vulnerability in .NET, and CVE-2026-21262 (CVSS score: 8.8), an elevation of privilege vulnerability in SQL Server.<\/p>\n<p>The vulnerability with the highest CVSS score in this month&#8217;s update is a critical remote code execution flaw in the Microsoft Devices Pricing Program. CVE-2026-21536 (CVSS score: 9.8), per Microsoft, has been fully mitigated, and no action is required from users. Artificial intelligence (AI)-powered autonomous vulnerability discovery platform XBOW has been credited with discovering and reporting the issue.<\/p>\n<p>&#8220;This month, over half (55%) of all Patch Tuesday CVEs were privilege escalation bugs, and of those, six were rated exploitation more likely across Windows Graphics Component, Windows Accessibility Infrastructure, Windows Kernel, Windows SMB Server, and Winlogon,&#8221; Satnam Narang, senior staff research engineer at Tenable, said.<\/p>\n<p>&#8220;We know these bugs are typically used by threat actors as part of post-compromise activity, once they get onto systems through other means (social engineering, exploitation of another vulnerability).&#8221;<\/p>\n<p>The Winlogon privilege escalation flaw (CVE-2026-25187, CVSS score: 7.8), in particular, leverages improper link resolution to obtain SYSTEM privileges. Google Project Zero researcher James Forshaw has&#8230;<\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/03\/microsoft-patches-84-flaws-in-march.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public Zero-Days https:\/\/thehackernews.com\/2026\/03\/microsoft-patches-84-flaws-in-march.html Publish Date:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":222316,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEipDVdeJebBFVnXLhsh2P4nBqmuh4R-UtLH7ZFvyw1W95zBU4YX4GF6I1WZ7g3ALEq596lEFr6q8iuGZ_PG2D12h67cLuNhCnSplkg_kDNbKyvTJnByhz2WAeAL9YHXCpJp0D3UOnhuydFZ6-jfXi6DLx5upod8egCtZ2lZhmbUzIprEusPyz0efzBMFzFI\/s1600\/windows-patch.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,20,27],"class_list":["post-222315","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-artificial-intelligence","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/222315"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=222315"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/222315\/revisions"}],"predecessor-version":[{"id":222317,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/222315\/revisions\/222317"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/222316"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=222315"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=222315"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=222315"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}