Microsoft Patches 83 Vulnerabilities

Microsoft Patches 83 Vulnerabilities

Microsoft Patches 83 Vulnerabilities

Microsoft has fixed a critical vulnerability, but none of the flaws fixed this Patch Tuesday have been exploited in the wild.

Vulnerability Overview

Microsoft on Tuesday announced patches for 83 vulnerabilities affecting its products. While none of the bugs have been flagged as exploited, two of them have been publicly disclosed, Microsoft’s advisories reveal.

These include CVE-2026-26127, a denial-of-service (DoS) issue in .NET, and CVE-2026-21262, an elevation of privilege defect in SQL Server.

Key Vulnerabilities

Microsoft’s March 2026 Patch Tuesday updates resolve a single critical-severity flaw, namely CVE-2026-21536 (CVSS score of 9.8), a remote code execution weakness in Devices Pricing Program that has already been fully mitigated by the tech giant.

Another security defect that stands out is CVE-2026-26118, an elevation of privilege issue in Azure MCP Server Tools that could be exploited by sending specially crafted input to a server tool that accepts user-supplied parameters.

Actionable Advice

Users should pay attention to five Azure security defects addressed this month, including an elevation of privilege issue in Azure Linux Virtual Machines (CVE-2026-23665), and one spoofing and three information disclosure flaws in Azure IoT Explorer (CVE-2026-26121, CVE-2026-23661, CVE-2026-23662, and CVE-2026-23664).

CSOs should ensure that they have solid asset inventories around the deployment of cloud-related systems and tools, so that admins know where these things exist and when they need to be fixed.