Microsoft Patches 79 Flaws, Including 2 Zero-Days
Microsoft's March 2026 Patch Tuesday fixed 79 vulnerabilities, including two publicly disclosed zero-days, affecting key backend components like SQL Server and .NET.
One of the zero-days, CVE-2026-0008, is a security feature bypass in Windows Kerberos, exploited as a proof-of-concept. Successful exploitation allows an attacker to bypass Kerberos authentication.
CVE-2026-21551 is the other zero-day, an elevation of privilege vulnerability in SQL Server. An attacker who successfully exploits this vulnerability could gain elevated privileges.
Microsoft also addressed a .NET, .NET Framework, and Visual Studio denial-of-service vulnerability, CVE-2026-21566. Exploiting this requires an attacker to convince a user to connect to a malicious server.
The March 2026 Patch Tuesday also included fixes for Microsoft Office, Exchange Server, and Windows Defender. It is crucial to apply these updates as soon as possible to mitigate the risks associated with these vulnerabilities.