Skip to main content

Microsoft Releases March 2026 Security Updates

Scheduled updates for Microsoft products address 83 vulnerabilities, including two zero-day vulnerabilities

Threat ID:
CC-4753
Threat Severity:
Medium
Published:
11 March 2026 1:35 PM
Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Scheduled updates for Microsoft products address 83 vulnerabilities, including two zero-day vulnerabilities

Affected platforms

The following platforms are known to be affected:

Microsoft SQL Server

.NET Framework

The following platforms are also known to be affected:

Multiple other Microsoft platforms. Please see Microsoft's March 2026 Security Update guide for full details. 

Threat details

Introduction

Microsoft has released security updates to address 83 vulnerabilities in Microsoft products. Two vulnerabilities classed as zero-days by Microsoft are highlighted below.

  • CVE-2026-21262 - 'Improper access control' vulnerability in Microsoft SQL Server - CVSSv3 score: 8.8
  • CVE-2026-26127 - 'Out-of-bounds read' vulnerability in .NET Framework - CVSSv3 score: 7.5

Windows Autopatch is enabling hotpatch security updates by default

Starting with the May 2026 Windows security update, Microsoft will be enabling hotpatch security updates by default for eligible devices. This change will impact all eligible devices managed by Microsoft Intune, and applies whether you use Windows Autopatch through Microsoft Intune or the Windows updates API in Microsoft Graph.

For more details, please see Microsoft's Securing devices faster with hotpatch updates on by default blog post.

Remediation advice

Affected organisations are encouraged to review Microsoft's March 2026 Security Updates and apply the relevant updates as soon as possible.

Last edited: 11 March 2026 1:35 pm