Microsoft Patches 79 Flaws, Including 2 Zero-Days
What happened
Microsoft's March Patch Tuesday fixed 79 vulnerabilities, including two publicly disclosed zero-days, affecting key backend components like SQL Server and .NET Microsoft March 2026 Patch Tuesday fixes 2 zero-days, 79 flaws.
Why it matters
One of the zero-days, CVE-2026-0008, is a security feature bypass in Windows Kerberos, exploited as a proof-of-concept. Successful exploitation allows an attacker to bypass Kerberos authentication. CVE-2026-21551 is the other zero-day, an elevation of privilege vulnerability in SQL Server. An attacker who successfully exploits this vulnerability could gain elevated privileges. Microsoft also addressed a .NET, .NET Framework, and Visual Studio denial-of-service vulnerability, CVE-2026-21566. Exploiting this requires an attacker to convince a user to connect to a malicious server. The March 2026 Patch Tuesday also included fixes for Microsoft Office, Exchange Server, and Windows Defender. It is crucial to apply these updates as soon as possible to mitigate the risks associated with these vulnerabilities.
Key numbers
- Microsoft's March Patch Tuesday fixed 79 vulnerabilities, including two publicly disclosed zero-days, affecting key backend components like SQL Server and .NET Microsoft March 2026 Patch Tuesday fixes 2 zero-days, 79 flaws.
- One of the zero-days, CVE-2026-0008, is a security feature bypass in Windows Kerberos, exploited as a proof-of-concept.
- CVE-2026-21551 is the other zero-day, an elevation of privilege vulnerability in SQL Server.
- Microsoft also addressed a .NET, .NET Framework, and Visual Studio denial-of-service vulnerability, CVE-2026-21566.
What happens next
- An attacker who successfully exploits this vulnerability could gain elevated privileges.
Quick answers
What happened in Microsoft Patches 79 Flaws, Including 2 Zero-Days?
Microsoft's March Patch Tuesday fixed 79 vulnerabilities, including two publicly disclosed zero-days, affecting key backend components like SQL Server and .NET Microsoft March 2026 Patch Tuesday fixes 2 zero-days, 79 flaws.
Why does Microsoft Patches 79 Flaws, Including 2 Zero-Days matter?
One of the zero-days, CVE-2026-0008, is a security feature bypass in Windows Kerberos, exploited as a proof-of-concept. Successful exploitation allows an attacker to bypass Kerberos authentication. CVE-2026-21551 is the other zero-day, an elevation of privilege vulnerability in SQL Server. An attacker who successfully exploits this vulnerability could gain elevated privileges. Microsoft also addressed a .NET, .NET Framework, and Visual Studio denial-of-service vulnerability, CVE-2026-21566. Exploiting this requires an attacker to convince a user to connect to a malicious server. The March 2026 Patch Tuesday also included fixes for Microsoft Office, Exchange Server, and Windows Defender. It is crucial to apply these updates as soon as possible to mitigate the risks associated with these vulnerabilities.
