Microsoft Fixes 80+ Flaws, Warns of 6 High-Risk Exploits

Summary
– Microsoft’s March 2026 Patch Tuesday addressed over 80 vulnerabilities, with two being publicly disclosed but not actively exploited.
– Six vulnerabilities are considered “more likely” to be exploited and all allow attackers to elevate privileges on targeted systems.
– Security experts highlighted CVE-2026-24291 in Windows Accessibility Infrastructure as highly prized by attackers for granting total SYSTEM control.
– Four other vulnerabilities, including critical RCE flaws in Windows Print Spooler and Office, were singled out as requiring quick patching.
– Critical bugs in Microsoft cloud services were mitigated server-side, while a flaw in Microsoft Authenticator requires user interaction for exploitation.
Microsoft’s March 2026 security update is a substantial one, resolving over 80 vulnerabilities across its software and cloud ecosystem. While only two flaws were publicly disclosed prior to the patch, security experts are urging immediate attention on a specific group of six high-risk exploits. These six vulnerabilities are all classified as “more likely” to be exploited and share a common, dangerous purpose: allowing attackers to escalate their privileges on a compromised system.
The two publicly known issues are CVE-2026-21262 in SQL Server and CVE-2026-26127 in .NET. Microsoft assesses the risk of exploitation for these as “less likely” and “unlikely,” respectively. The far greater concern lies elsewhere. The highlighted sextet of privilege escalation flaws includes two use-after-free errors in the Windows Kernel (CVE-2026-24289, CVE-2026-26132) and a race condition within the Windows Graphics Component (CVE-2026-23668). Dustin Childs from Trend Micro’s Zero Day Initiative noted that the graphics flaw originated as two separate bug reports, underscoring “the need for variant investigations when creating security patches.”
Rounding out this critical group are CVE-2026-24294 in the Windows SMB Server, caused by improper authentication, and CVE-2026-25187 in Winlogon, stemming from improper link resolution. Perhaps the most prized by threat actors is CVE-2026-24291, which affects the Windows Accessibility Infrastructure. Ben McCarthy, lead cyber security engineer at Immersive, explained that this flaw is highly sought-after because it reliably transitions a limited user account to full SYSTEM privileges, granting total control and the ability to bypass endpoint detection tools. He emphasized that because this component is ubiquitous, “the potential attack surface is vast, making the rapid deployment of the official fix essential.”
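Defenders typically turn a release like this into a prioritized patch list by filtering on Microsoft's exploitability wording and the impact class. The script below does that as an added example; it is not part of the HelpNet Security article or any Microsoft tooling. The record shape and the `Key:Value;Key:Value` status string are assumptions modelled loosely on the wording of MSRC exploit-status text, and the sample feed is constructed from the CVE ids, components, impacts and ratings stated in the article (no ratings are invented for the CVEs whose rating the article does not give).

```python
"""Triage a Patch Tuesday release by exploitability rating and impact.

Added example, not the article's or Microsoft's code. The record layout
and the ';'-separated status text are assumed formats; the sample data
below is constructed from values named in the article.
"""
from collections import Counter
from dataclasses import dataclass

# Microsoft Exploitability Index wording, lowest number = most urgent.
EXPLOIT_RANK = {
    "Exploitation Detected": 0,
    "Exploitation More Likely": 1,
    "Exploitation Less Likely": 2,
    "Exploitation Unlikely": 3,
}

# Constructed sample feed: ids, components, impacts and ratings as stated
# in the article. 'status' uses the assumed 'Key:Value;Key:Value' layout.
MARCH_2026 = [
    {"cve": "CVE-2026-21262", "component": "SQL Server", "impact": "Unspecified",
     "status": "Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation Less Likely"},
    {"cve": "CVE-2026-26127", "component": ".NET", "impact": "Unspecified",
     "status": "Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation Unlikely"},
    {"cve": "CVE-2026-24289", "component": "Windows Kernel", "impact": "Elevation of Privilege",
     "status": "Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely"},
    {"cve": "CVE-2026-26132", "component": "Windows Kernel", "impact": "Elevation of Privilege",
     "status": "Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely"},
    {"cve": "CVE-2026-23668", "component": "Windows Graphics Component", "impact": "Elevation of Privilege",
     "status": "Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely"},
    {"cve": "CVE-2026-24294", "component": "Windows SMB Server", "impact": "Elevation of Privilege",
     "status": "Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely"},
    {"cve": "CVE-2026-25187", "component": "Winlogon", "impact": "Elevation of Privilege",
     "status": "Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely"},
    {"cve": "CVE-2026-24291", "component": "Windows Accessibility Infrastructure", "impact": "Elevation of Privilege",
     "status": "Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely"},
]


@dataclass(frozen=True)
class Finding:
    cve: str
    component: str
    impact: str
    exploited: bool
    disclosed: bool
    rank: int  # index into EXPLOIT_RANK ordering; 99 = unknown wording


def parse_status(raw: str) -> dict:
    """Split 'Key:Value;Key:Value' text into a dict (assumed layout).

    Tolerates stray whitespace and fragments without a colon so a slightly
    malformed feed line does not abort the whole triage run.
    """
    fields = {}
    for part in raw.split(";"):
        if ":" not in part:
            continue
        key, _, value = part.partition(":")
        fields[key.strip()] = value.strip()
    return fields


def to_finding(record: dict) -> Finding:
    """Normalise one raw feed record into a Finding."""
    f = parse_status(record["status"])
    rating = f.get("Latest Software Release", "")
    return Finding(
        cve=record["cve"],
        component=record["component"],
        impact=record["impact"],
        exploited=f.get("Exploited", "No").lower() == "yes",
        disclosed=f.get("Publicly Disclosed", "No").lower() == "yes",
        rank=EXPLOIT_RANK.get(rating, 99),
    )


def triage(records: list, max_rank: int = 1) -> list:
    """Return findings rated at or above 'More Likely', most urgent first.

    Order: detected exploitation, then exploitability rank, then public
    disclosure, then CVE id so the output is stable between runs.
    """
    findings = [to_finding(r) for r in records]
    urgent = [f for f in findings if f.rank <= max_rank]
    urgent.sort(key=lambda f: (not f.exploited, f.rank, not f.disclosed, f.cve))
    return urgent


def count_by_impact(findings: list) -> dict:
    """Tally urgent findings by impact class for a quick summary."""
    return dict(Counter(f.impact for f in findings))


if __name__ == "__main__":
    for f in triage(MARCH_2026):
        print(f"{f.cve}  {f.component:<40} {f.impact}")
    print(count_by_impact(triage(MARCH_2026)))
```

Run against the constructed feed, `triage` returns exactly the six privilege-escalation entries and drops the two publicly disclosed but lower-rated SQL Server and .NET flaws; raising `max_rank` to 2 or 3 pulls those back in for a second patching wave.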
Beyond these, Childs identified four additional vulnerabilities warranting swift patching. These include a remote code execution flaw in the Windows Print Spooler (CVE-2026-23669), a critical cross-site scripting bug in Excel (CVE-2026-26144) that could trick the Copilot Agent into data exfiltration, and two more remote code execution vulnerabilities in Microsoft Office (CVE-2026-26110, CVE-2026-26113). He pointed out the recurring pattern with Office bugs where the Preview Pane acts as an attack vector, warning that “it’s just a matter of time until they start appearing in active exploits.”
Several critical bugs in cloud services, including Microsoft ACI Confidential Containers and the Payment Orchestrator Service, were mitigated server-side by Microsoft, requiring no action from users. A separate advisory concerns CVE-2026-26123, a flaw in Microsoft Authenticator for Android and iOS. The Dutch National Cyber Security Center warned it could be exploited via a rogue app in a targeted man-in-the-middle attack. Microsoft clarified that exploitation requires significant user interaction, such as mistakenly selecting a malicious app to handle a sign-in link. Adam Barnett of Rapid7 advised enterprise defenders to review their mobile device management policies regarding app choice enforcement and patching for multi-factor authentication applications.
(Source: HelpNet Security)
