{"id":222318,"date":"2026-03-11T05:20:00","date_gmt":"2026-03-11T09:20:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/03\/11\/microsoft-fixes-two-publicly-disclosed-zero-days\/"},"modified":"2026-03-11T08:30:11","modified_gmt":"2026-03-11T12:30:11","slug":"microsoft-fixes-two-publicly-disclosed-zero-days","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/03\/11\/microsoft-fixes-two-publicly-disclosed-zero-days\/","title":{"rendered":"Microsoft Fixes Two Publicly Disclosed Zero-Days"},"content":{"rendered":"<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/microsoft-fixes-two-publicly\/\">Microsoft Fixes Two Publicly Disclosed Zero-Days<\/a><\/p>\n<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/microsoft-fixes-two-publicly\/\">https:\/\/www.infosecurity-magazine.com\/news\/microsoft-fixes-two-publicly\/<\/a><\/p>\n<p>Publish Date: 2026-03-11 05:20:00<\/p>\n<p>Source Domain: <a href=\"www.infosecurity-magazine.com\">www.infosecurity-magazine.com<\/a><\/p>\n<p>In a welcome relief for sysadmins, Microsoft released security updates for just 79 vulnerabilities in this month\u2019s Patch Tuesday yesterday, including two publicly disclosed zero-days.<\/p>\n<p>Microsoft categorizes zero-day vulnerabilities as flaws which have either been exploited or disclosed without a patch available.<\/p>\n<p>March\u2019s Patch Tuesday selection included CVE-2026-21262: an SQL Server elevation of privilege (EoP) bug with a CVSS score of 8.8. 
That\u2019s just below \u201ccritical\u201d severity because low-level privileges are required, said Rapid7 principal software engineer, Adam Barnett.<\/p>\n<p>\u201cMicrosoft is aware of public disclosure, so while it assesses the likelihood of exploitation as less likely, it would be a courageous defender who shrugged and deferred the patches for this one,\u201d he added.<\/p>\n<p>\u201cMost SQL Server admins and security teams concluded many years ago that exposing SQL Server directly to the internet was not a good idea. Then again, popular search engines for internet-connected devices describe tens of thousands of SQL Server instances, and they can\u2019t all be honeypots.\u201d<\/p>\n<p>Read more on Patch Tuesday: Microsoft Fixes Six Zero Day Vulnerabilities\u00a0in February Patch Tuesday.<\/p>\n<p>The second zero-day vulnerability this month is CVE-2026-26127, a denial-of-service flaw in .NET.<\/p>\n<p>Barnett said exploitation in the wild could be more serious than it appears.<\/p>\n<p>\u201cIf a log forwarder or security agent is impacted, even for a brief period of time, an attacker might carry out an attack in that moment hoping to evade detection under cover of this artificial darkness,\u201d he claimed.<\/p>\n<p>\u201cEven if a low-skilled attacker simply causes downtime, in some contexts that could be enough to cause an SLA breach or loss of revenue, or at the very least cause a bleary-eyed defender to get paged in the middle of the night.\u201d<\/p>\n<h2><strong>EoP Takes Center Stage<\/strong><\/h2>\n<p>Overall, there are only three critical-rated vulnerabilities this month, two of which are remote code execution (RCE) and one an&#8230;<\/p>\n<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/microsoft-fixes-two-publicly\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft Fixes Two Publicly Disclosed Zero-Days https:\/\/www.infosecurity-magazine.com\/news\/microsoft-fixes-two-publicly\/ Publish Date: 2026-03-11 
05:20:00 Source Domain: www.infosecurity-magazine.com In&#8230;<\/p>\n","protected":false},"author":1,"featured_media":222319,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/assets.infosecurity-magazine.com\/webpage\/og\/15a53a0e-a227-47ad-83e4-2aa5632f97e6.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[30,27],"class_list":["post-222318","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-breach","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/222318"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=222318"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/222318\/revisions"}],"predecessor-version":[{"id":222320,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/222318\/revisions\/222320"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/222319"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=222318"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=222318"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=222318"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}