Microsoft patches 80+ vulnerabilities, six flagged as “more likely” to be exploited

Source: Help Net Security

Author: Zeljka Zorz

URL: https://www.helpnetsecurity.com/2026/03/11/march-2026-patch-tuesday/

ONE SENTENCE SUMMARY:

Microsoft’s March 2026 Patch Tuesday fixed 80+ flaws, emphasizing privilege-escalation, Office/Print RCE, Excel Copilot XSS, and Authenticator MITM risks.

MAIN POINTS:

  1. March 2026 updates addressed 80+ vulnerabilities across Microsoft software and cloud services.
  2. Two publicly disclosed issues included SQL Server SQLAdmin escalation and .NET denial-of-service.
  3. Microsoft rated the disclosed SQL Server bug as less likely, and the .NET DoS as unlikely, to be exploited.
  4. Six “more likely” vulnerabilities were all local privilege-escalation paths to SYSTEM/admin.
  5. Windows Kernel use-after-free bugs (CVE-2026-24289, CVE-2026-26132) enabled elevation attacks.
  6. Windows Graphics race condition (CVE-2026-23668) highlighted the need for patch-variant investigations.
  7. SMB Server improper authentication (CVE-2026-24294) could facilitate privilege elevation.
  8. Winlogon link-resolution flaw (CVE-2026-25187) enabled escalation via file-access misresolution.
  9. ATBroker accessibility component (CVE-2026-24291) offered a reliable limited-user-to-SYSTEM transition.
  10. Rapid patching recommended for Print Spooler RCE, Excel Copilot XSS, and Office Preview Pane RCEs.

TAKEAWAYS:

  1. Prioritize SYSTEM-level elevation fixes, especially ATBroker, given its broad prevalence across Windows installations.
  2. Treat Office Preview Pane RCEs as high-risk given repeated patch history and likely future exploitation.
  3. Patch Print Spooler quickly because authenticated RCE remains a frequent enterprise attack vector.
  4. Evaluate Copilot/agent-assisted data exfiltration exposure from Excel XSS and tighten data controls.
  5. Enforce MFA app selection via MDM to reduce rogue-app deep-link MITM risk in Microsoft Authenticator.