Microsoft issued its monthly security updates on March Patch Tuesday, resolving a total of 84 vulnerabilities across products including Windows, Office, and cloud platforms. At present, no evidence exists of these issues being used in real-world attacks. Among them, eight receive a critical rating from Microsoft, while the others fall into the high-severity category.
The upcoming Patch Tuesday event is set for April 14, 2026.
For the Office suite, patches cover 13 flaws, with three deemed critical. One notable fix is CVE-2026-26144, an Excel information disclosure issue involving cross-site scripting that allows attackers to steal data through the Copilot feature.
In contrast, CVE-2026-26110 and CVE-2026-26113 represent remote code execution risks in Office, enabling code injection and running without requiring users to fully access a document, as the preview pane serves as the entry point for exploitation.
Additional remote code execution issues in Excel require more direct interaction and cannot be triggered via previews, similar to the two such flaws patched in SharePoint.
A significant portion of the fixes, totaling 48, target supported editions of Windows, encompassing versions 10, 11, and Server.
Even after its official end-of-support date in October, Windows 10 remains included in the update list. This differs from the handling of Windows 7, which lacks coverage under the Extended Security Updates initiative.
The remote code execution flaw CVE-2026-23669 in the Windows print spooler echoes the 2021 PrintNightmare vulnerability in its mechanism, allowing a high-privilege user to deliver crafted network packets for code execution on target machines without further interaction. To date, no active exploits have been reported for this issue.
Windows Routing and Remote Access Service sees repairs for three remote code execution vulnerabilities, each scoring between 8.0 and 8.8 on the CVSS scale. Separately, four elevation-of-privilege problems in the Winsock extension driver range from CVSS 7.0 to 7.8.
To enhance PC protection, maintaining current operating system versions is essential, alongside installing trusted antivirus solutions. Explore recommendations for top Windows antivirus options. For those prioritizing data privacy, consider leading VPN services.
Among the patches, two qualify as zero-day vulnerabilities due to prior public knowledge without active exploitation: CVE-2026-26127, a denial-of-service issue in .NET, and CVE-2026-21262, an elevation-of-privilege vulnerability in SQL Server with a CVSS score of 8.8.
Microsoft Edge version 145.0.3800.97, released on March 6 and built on Chromium 145.0.7632.160, resolves 10 security holes from the Chromium project. Google has advanced to Chrome and Chromium version 146, prompting an anticipated Edge update later this week.
Additional resources: Essential 10 security adjustments to prevent breaches.