Microsoft’s March 2026 replace fixes 80+ safety vulnerabilities

Microsoft Workplace safety fixes

Microsoft has mounted 13 vulnerabilities in its Workplace household, three of that are labeled as crucial. These embrace the CVE-2026-26144 knowledge leak in Excel. This XSS (cross-site scripting) vulnerability may very well be exploited by an attacker to extract info utilizing the Copilot agent.

CVE-2026-26110 and CVE-2026-26113, however, are RCE (distant code execution) vulnerabilities that can be utilized to inject and execute malicious code. Right here, the preview window is an assault vector—you don’t even must open an Workplace file to allow a profitable assault.

The opposite RCE vulnerabilities in Excel can’t be exploited through the preview window, nor can the 2 RCE vulnerabilities in SharePoint.

Home windows safety fixes

A lot of the vulnerabilities—48 this time—are unfold throughout the varied Home windows variations (10, 11, and Server) for which Microsoft nonetheless helps with safety updates.

Home windows 10 continues to be listed as an affected system, regardless that help formally expired in October. This was not the case with Home windows 7, regardless of the ESU (Prolonged Safety Updates) program.

PrintNightmare reloaded?!

The RCE vulnerability CVE-2026-23669 within the Home windows print queue reminds consultants of the “PrintNightmare” exploit from July 2021 as a result of it really works in a really comparable manner: a privileged attacker sends particular messages over the community to susceptible programs to inject and execute malicious code with out consumer help. Nonetheless, no assaults within the wild on this vulnerability are recognized to this point.

Three RCE vulnerabilities in Home windows Routing and Distant Entry Service (RRAS) obtain a CVSS rating of 8.0 to eight.8. In the meantime, 4 EoP (Elevation of Privilege) vulnerabilities within the Winsock add-on driver rating between CVSS 7 and seven.8.

Tip: Whether or not you retain your working system updated, it is best to maximize the safety of your PC with respected antivirus software program. For choices, try our picks for the very best Home windows antivirus software program. For those who worth privateness, additionally try the very best VPN suppliers.

Zero-day Microsoft vulnerabilities

Safety vulnerabilities that aren’t actively being exploited however are already recognized earlier than an replace is launched are additionally thought-about zero-day vulnerabilities. There are two of this sort this time: CVE-2026-26127 is a DoS (denial of service) vulnerability in .NET and CVE-2026-21262 is an EoP vulnerability in SQL Server (CVSS 8.8).

Microsoft Edge safety fixes

The newest safety replace for Edge 145.0.3800.97 is dated March sixth and is predicated on Chromium 145.0.7632.160. It fixes 10 Chromium vulnerabilities. Nonetheless, Google has since launched Chrome and Chromium 146, and a corresponding Edge replace is anticipated to be launched on the finish of this week.

Additional studying: Don’t get hacked! 10 very important safety tweaks