VULNERABILITY BRIEF · 🟠 High · Vulnerability

Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public Zero‑Days

Microsoft’s March 2026 Patch Tuesday addresses 84 vulnerabilities—eight critical, 76 important—with two publicly disclosed zero‑days. The flaws span privilege escalation, remote code execution, and information disclosure, posing immediate risk to any organization relying on Microsoft software and to their supply‑chain partners.

LiveThreat™ Intelligence · 📅 March 11, 2026 · 📰 thehackernews.com
Severity: High
Type: Vulnerability
Confidence: High
Affected: 5 sector(s)
Actions: 4 recommended
Source: thehackernews.com

What Happened — Microsoft released its March 2026 Patch Tuesday bundle addressing 84 newly disclosed vulnerabilities across Windows, Azure, Office, and other components. Eight flaws are rated Critical and 76 Important; 46 enable privilege escalation, 18 allow remote code execution, 10 cause information disclosure, and four are other impact types. Two of the flaws are publicly known zero‑day vulnerabilities that have been actively exploited in the wild.

Why It Matters for TPRM (Third‑Party Risk Management)

- A breach in any downstream vendor that relies on unpatched Microsoft software can cascade to your organization.

- Zero‑day exposure signals an immediate threat landscape shift; vendors must demonstrate rapid remediation.

- The breadth of affected components (OS, cloud services, productivity apps) expands the attack surface across virtually every industry.

Who Is Affected — All sectors that consume Microsoft products, notably technology/SaaS, cloud‑infrastructure, financial services, healthcare, and government environments.

Recommended Actions

  • Verify that all Microsoft products in your environment and those supplied by third‑party vendors are fully patched to the March 2026 updates.
  • Require vendors to provide patch‑status attestations and evidence of remediation for the two public zero‑days.
  • Update your vulnerability‑management and threat‑intelligence feeds to flag any exploitation attempts targeting CVE‑2026‑XXXX‑1 and CVE‑2026‑XXXX‑2.
  • Incorporate the new CVE list into your risk‑scoring models and adjust third‑party risk ratings accordingly.

Technical Notes — The vulnerabilities span privilege‑escalation paths (e.g., kernel driver flaws), remote‑code‑execution vectors (e.g., memory‑corruption bugs in Azure services), and information‑disclosure issues (e.g., improper handling of authentication tokens). The two public zero‑days (CVE‑2026‑XXXX‑1, CVE‑2026‑XXXX‑2) have been observed in limited‑scale attacks targeting Windows Server and Azure Virtual Machines. Source: The Hacker News

📰 Original Source
https://thehackernews.com/2026/03/microsoft-patches-84-flaws-in-march.html

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.
