
Urgent Windows update: Microsoft closes 79 vulnerabilities including two zero-days in March


This week, Microsoft released March 2026 security updates for Windows and other products, fixing 79 vulnerabilities, including two publicly disclosed zero-days. The patches, released on the second Tuesday of the month, known as Patch Tuesday, address serious flaws that could allow elevation of privilege, remote code execution and other risks on Windows 11 and earlier systems. Users should install the updates as soon as possible to protect their devices against possible exploits.

The fixes arrive through packages KB5079473, aimed at the latest versions of Windows 11 (24H2 and 25H2), and KB5078883, for version 23H2. For Windows 10, still under extended support (ESU), KB5078885 was released. These cumulative updates include previously announced security fixes and quality improvements.

The fixed vulnerabilities cover several components of the operating system and related platforms, such as SQL Server and .NET. Among the most common types are spoofing, elevation of privilege, and remote code execution. Microsoft recommends immediate installation, especially in corporate environments, to mitigate risks of remote or local attacks.

Details of zero-day vulnerabilities

The two fixed zero-day flaws are the main highlights of this round of patches. They were publicly disclosed before the fixes were made available, which increases the urgency of updating.

CVE-2026-21262 affects Microsoft SQL Server and allows elevation of privilege. An attacker with authorized access could exploit flaws in access control to obtain administrator (sysadmin) permissions over the network. The vulnerability impacts editions of SQL Server from 2016 onwards.

CVE-2026-26127 affects the .NET platform and causes denial of service through an out-of-bounds memory read. A remote attacker could exploit the issue to disrupt .NET services on Windows, macOS, and Linux, affecting applications developed with .NET 9 and 10.

Distribution of fixed vulnerabilities

The 79 security issues are divided into specific categories, highlighting types that facilitate advanced attacks.

There were 23 elevation of privilege vulnerabilities, allowing attackers with limited access to gain administrative or system control. These flaws affect Windows kernel components and services.

Another 23 flaws involve remote code execution, enabling the insertion and execution of malware without physical user interaction, generally via manipulated files or exposed services.

25 spoofing vulnerabilities were fixed, which allow attackers to pretend to be legitimate entities in the system, deceiving authentication mechanisms.

Additionally, four information disclosure cases expose sensitive data, such as memory addresses or internal settings.

Other types of failures and improvements

Three security feature bypass vulnerabilities have been resolved; these allow attackers to bypass native Windows protections and facilitate other exploits.

An additional denial of service flaw complements the zero-day in .NET, which can cause interruptions in critical services.

The updates also incorporate non-security fixes, such as graphical stability improvements for Windows 10, tweaks for Secure Boot, and optimizations to storage settings dialogs for Windows 11.

These changes aim to fix unexpected behavior on GPUs and strengthen the secure boot process.

How to install updates

Updates install automatically via Windows Update in most cases. To check or force installation, go to Settings > Windows Update > Check for updates.

Advanced users can manually download packages from the Microsoft Update Catalog, allowing offline installation. After the download, restart your device to apply the fixes completely.

Microsoft emphasizes the importance of keeping the system up to date, especially in scenarios where SQL Server or .NET applications are used.
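
To confirm that the package named above for a given Windows version is actually present on a machine, the following PowerShell check can be run locally. It is an added example, not Microsoft's code; the function names are hypothetical, and it assumes Windows 11 is identified by a build number of 22000 or higher, with any lower build treated as Windows 10.

```powershell
# Added example. KB-to-version mapping is taken from the article text.
# Assumption: build >= 22000 means Windows 11; lower builds are Windows 10 (ESU).
function Get-ExpectedMarchKb {
    param(
        [Parameter(Mandatory)][int]$Build,
        [Parameter(Mandatory)][AllowEmptyString()][string]$DisplayVersion
    )
    if ($Build -lt 22000) { return 'KB5078885' }   # Windows 10 under ESU
    switch ($DisplayVersion) {
        '23H2'  { return 'KB5078883' }
        '24H2'  { return 'KB5079473' }
        '25H2'  { return 'KB5079473' }
        default { return $null }                   # version not covered by the article
    }
}

function Test-MarchPatch {
    # DisplayVersion and CurrentBuildNumber identify the installed release.
    $cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [int]$cv.CurrentBuildNumber
    $ver   = [string]$cv.DisplayVersion
    $kb    = Get-ExpectedMarchKb -Build $build -DisplayVersion $ver

    if (-not $kb) {
        $status = 'UnknownVersion'
    } elseif (Get-HotFix -Id $kb -ErrorAction SilentlyContinue) {
        $status = 'Installed'
    } else {
        # A later cumulative update supersedes this KB, so on a machine
        # patched in a later month the March KB may no longer be listed.
        $status = 'Missing'
    }

    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        Build          = $build
        DisplayVersion = $ver
        ExpectedKb     = $kb
        Status         = $status
    }
}

Test-MarchPatch
```

A result of Missing on a machine that should have received the update is the case to follow up through Windows Update or the manual download described above.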

Recommendations for users and administrators

IT administrators should prioritize environments with SQL Server and .NET exposed to the network. Testing in controlled environments helps avoid incompatibilities.

Home users just need to ensure that Windows Update is enabled. The installation takes place in the background and ends with a restart.

Keeping the system up to date significantly reduces the risks of exploitation by cyber criminals.