Microsoft has released its March security update, patching 84 vulnerabilities across its software ecosystem. The update includes fixes for critical flaws in Windows and Office, with no evidence of active exploitation at this time.
The most notable vulnerabilities include a remote code execution flaw in the Windows print queue—similar to the PrintNightmare exploit from 2021—and an Excel data leak that can be triggered through Copilot’s preview pane. Both are classified as critical risks, alongside three other high-severity issues in Office.
Windows remains a primary focus, with 48 vulnerabilities addressed across supported versions, including Windows 10, despite its expired support status. The update also includes fixes for four elevation of privilege (EoP) flaws in the Winsock add-on driver and three remote code execution vulnerabilities in the Routing and Remote Access Service (RRAS).
Office applications received 13 security patches, including two remote code execution vulnerabilities that can be exploited without opening a file. These are tied to the preview window functionality, allowing attackers to inject malicious code even if the user does not interact with the content.
The update also addresses two zero-day vulnerabilities: CVE-2026-26127, a denial-of-service flaw in .NET, and CVE-2026-21262, an elevation of privilege issue in SQL Server with a CVSS score of 8.8.
Microsoft Edge 145.0.3800.97 received updates for 10 Chromium-based vulnerabilities, though Google has since released Chrome 146, suggesting further patches may follow shortly.
Users are advised to install the latest updates promptly, particularly for unsupported systems like Windows 10, where 48 security fixes were applied. Additional precautions, such as reputable antivirus software and virtual private networks (VPNs), can further enhance system security.
