MS Family March 2026 Routine Security Update Advisory

Overview

 

Microsoft (https://www.microsoft.com) has released a security update that fixes vulnerabilities in its products. Users of affected products are advised to update to the latest version.

 

Affected Products

 

 

Apps family

Microsoft Authenticator for Android

Microsoft Authenticator for iOS

 

Azure family

Arc Enabled Servers – Azure Connected Machine Agent

Azure Automation Hybrid Worker Windows Extension

Azure IoT Explorer

Azure Linux Virtual Machines with Azure Diagnostics extension

Azure MCP Server Tools

Microsoft Azure AD SSH Login extension for Linux

Windows Admin Center in Azure Portal

Microsoft ACI Confidential Containers

 

Developer Tools suite

.NET 10.0 installed on Linux

.NET 10.0 installed on Mac OS

.NET 10.0 installed on Windows

.NET 9.0 installed on Linux

.NET 9.0 installed on Mac OS

.NET 9.0 installed on Windows

ASP.NET Core 10.0

ASP.NET Core 8.0

ASP.NET Core 9.0

Microsoft.Bcl.Memory 10.0

Microsoft.Bcl.Memory 9.0

 

Device Family

Microsoft Devices Pricing Program

 

ESU Family

Windows 10 Version 22H2 for 32-bit Systems

Windows 10 Version 22H2 for ARM64-based Systems

Windows 10 Version 22H2 for x64-based Systems

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

 

Microsoft Office Suite

Microsoft 365 Apps for Enterprise for 32-bit Systems

Microsoft 365 Apps for Enterprise for 64-bit Systems

Microsoft Excel 2016 (32-bit edition)

Microsoft Excel 2016 (64-bit edition)

Microsoft Office 2016 (32-bit edition)

Microsoft Office 2016 (64-bit edition)

Microsoft Office 2019 for 32-bit editions

Microsoft Office 2019 for 64-bit editions

Microsoft Office LTSC 2021 for 32-bit editions

Microsoft Office LTSC 2021 for 64-bit editions

Microsoft Office LTSC 2024 for 32-bit editions

Microsoft Office LTSC 2024 for 64-bit editions

Microsoft Office LTSC for Mac 2021

Microsoft Office LTSC for Mac 2024

Microsoft Office for Android

Microsoft SharePoint Enterprise Server 2016

Microsoft SharePoint Server 2019

Microsoft SharePoint Server Subscription Edition

Office Online Server

 

Mariner Family

Azl3 grpc 1.62.3-1 on Azure Linux 3.0

 

Open Source Software Suite

Azl3 hyperv-daemons 6.6.126.1-1 on Azure Linux 3.0

Azl3 kernel 6.6.126.1-1 on Azure Linux 3.0

Azl3 tensorflow 2.16.1-11 on Azure Linux 3.0

Cbl2 tensorflow 2.11.1-2 on CBL Mariner 2.0

GitHub Repo: Zero Shot scFoundation

Microsoft Semantic Kernel Python SDK

 

SQL Server Family

Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR)

Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack

Microsoft SQL Server 2017 for x64-based Systems (CU 31)

Microsoft SQL Server 2017 for x64-based Systems (GDR)

Microsoft SQL Server 2019 for x64-based Systems (CU 32)

Microsoft SQL Server 2019 for x64-based Systems (GDR)

Microsoft SQL Server 2022 for x64-based Systems (CU 23)

Microsoft SQL Server 2022 for x64-based Systems (GDR)

Microsoft SQL Server 2025 for x64-based Systems (CU2)

Microsoft SQL Server 2025 for x64-based Systems (GDR)

 

System Center Family

System Center Operations Manager 2019

System Center Operations Manager 2022

System Center Operations Manager 2025

 

Windows Family

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 11 Version 23H2 for ARM64-based Systems

Windows 11 Version 23H2 for x64-based Systems

Windows 11 Version 24H2 for ARM64-based Systems

Windows 11 Version 24H2 for x64-based Systems

Windows 11 Version 25H2 for ARM64-based Systems

Windows 11 Version 25H2 for x64-based Systems

Windows 11 Version 26H1 for ARM64-based Systems

Windows 11 version 26H1 for x64-based Systems

Windows App Client for Windows Desktop

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server 2022

Windows Server 2022 (Server Core installation)

Windows Server 2022, 23H2 Edition (Server Core installation)

Windows Server 2025

Windows Server 2025 (Server Core installation)

 

Other product families

Payment Orchestrator Service

 

Resolved Vulnerabilities

 

There were 8 vulnerabilities rated Critical and 82 rated Important.

 

Apps family

Critical-rated information disclosure vulnerability in Microsoft Authenticator (CVE-2026-26123)

 

Azure family

Critical privilege escalation vulnerability in Azure Arc (CVE-2026-26141)

Critical privilege escalation vulnerability in Azure Entra ID (CVE-2026-26148)

Critical spoofing vulnerability in Azure IoT Explorer (CVE-2026-26121)

Critical information disclosure vulnerabilities in Azure IoT Explorer (CVE-2026-23664, CVE-2026-23661, CVE-2026-23662)

Critical privilege escalation vulnerability in Azure Linux Virtual Machines (CVE-2026-23665)

Critical privilege escalation vulnerability in Azure MCP Server (CVE-2026-26118)

Critical privilege escalation vulnerability in Azure Portal Windows Admin Center (CVE-2026-23660)

Critical privilege escalation vulnerability in Azure Windows Virtual Machine Agent (CVE-2026-26117)

Urgent-grade privilege escalation vulnerabilities in Azure Compute Gallery (CVE-2026-23651, CVE-2026-26124)

Critical information disclosure vulnerability in Azure Compute Gallery (CVE-2026-26122)

 

Developer Tools Suite

Critical-grade privilege escalation vulnerability in .NET (CVE-2026-26131)

Critical-grade denial of service vulnerability in .NET (CVE-2026-26127)

Critical-grade denial-of-service vulnerability in ASP.NET Core (CVE-2026-26130)

 

Device Family

Critical-grade remote code execution vulnerability in the Microsoft Devices Pricing Program (CVE-2026-21536)

 

Microsoft Office Suite

Critical information disclosure vulnerability in Microsoft Office Excel (CVE-2026-26144)

Critical-grade remote code execution vulnerabilities in Microsoft Office Excel (CVE-2026-26112, CVE-2026-26107, CVE-2026-26108, CVE-2026-26109)

Critical-grade spoofing vulnerability in Microsoft Office SharePoint (CVE-2026-26105)

Critical-grade remote code execution vulnerabilities in Microsoft Office SharePoint (CVE-2026-26114, CVE-2026-26106)

Urgent-grade remote code execution vulnerabilities in Microsoft Office (CVE-2026-26113, CVE-2026-26110)

Critical-grade privilege escalation vulnerability in Microsoft Office (CVE-2026-26134)

 

Mariner Family of Products

Critical-grade vulnerability in Mariner (CVE-2026-3336)

 

Open Source Software Suites

Critical-grade remote code execution vulnerability in GitHub Repo: zero-shot-scfoundation (CVE-2026-23654)

Critical-grade remote code execution vulnerability in the Microsoft Semantic Kernel Python SDK (CVE-2026-26030)

Moderate-rated vulnerabilities in Mariner (CVE-2026-23237, CVE-2026-23238, CVE-2026-23236, CVE-2025-71238)

Critical-rated vulnerabilities in Mariner (CVE-2026-23234, CVE-2026-23235, CVE-2026-0038, CVE-2026-23231, CVE-2026-3338)

 

SQL Server Family

Critical-grade privilege escalation vulnerabilities in SQL Server (CVE-2026-21262, CVE-2026-26115, CVE-2026-26116)

 

System Center Family

Critical-grade privilege escalation vulnerability in System Center Operations Manager (CVE-2026-20967)

 

Windows Family

Critical privilege escalation vulnerability in Active Directory Domain Services (CVE-2026-25177)

Critical privilege escalation vulnerability in Broadcast DVR (CVE-2026-23667)

Critical privilege escalation vulnerability in Connected Devices Platform Service (Cdpsvc) (CVE-2026-24292)

Critical privilege escalation vulnerability in Microsoft Brokering File System (CVE-2026-25167)

Critical privilege escalation vulnerability in Microsoft Graphics Component (CVE-2026-23668)

Critical denial of service vulnerabilities in Microsoft Graphics Component (CVE-2026-25168, CVE-2026-25169)

Critical information disclosure vulnerability in Microsoft Graphics Component (CVE-2026-25180)

Critical information disclosure vulnerability in the Push Message Routing Service (CVE-2026-24282)

Critical privilege escalation vulnerability in Role: Windows Hyper-V (CVE-2026-25170)

Critical privilege escalation vulnerability in Windows Accessibility Infrastructure (ATBroker.exe) (CVE-2026-24291)

Critical information disclosure vulnerability in Windows Accessibility Infrastructure (ATBroker.exe) (CVE-2026-25186)

Critical privilege escalation vulnerabilities in Windows Ancillary Function Driver for WinSock (CVE-2026-24293, CVE-2026-25176, CVE-2026-25178, CVE-2026-25179)

Critical-grade spoofing vulnerability in Windows App Installer (CVE-2026-23656)

Critical privilege escalation vulnerability in Windows Authentication Methods (CVE-2026-25171)

Critical privilege escalation vulnerability in Windows Bluetooth RFCOM Protocol Driver (CVE-2026-23671)

Critical privilege escalation vulnerability in Windows DWM Core Library (CVE-2026-25189)

Critical privilege escalation vulnerabilities in Windows Device Association Service (CVE-2026-24295, CVE-2026-24296)

Critical privilege escalation vulnerability in Windows Extensible File Allocation (CVE-2026-25174)

Critical privilege escalation vulnerability in Windows File Server (CVE-2026-24283)

Critical information disclosure vulnerability in Windows GDI+ (CVE-2026-25181)

Critical remote code execution vulnerability in Windows GDI (CVE-2026-25190)

Critical security feature bypass vulnerability in Windows Kerberos (CVE-2026-24297)

Critical privilege escalation vulnerabilities in Windows Kernel (CVE-2026-24287, CVE-2026-24289, CVE-2026-26132)

Critical security feature bypass vulnerability in Windows MapUrlToZone (CVE-2026-23674)

Critical remote code execution vulnerability in Windows Mobile Broadband (CVE-2026-24288)

Critical privilege escalation vulnerability in Windows NTFS (CVE-2026-25175)

Critical privilege escalation vulnerability in Windows Performance Counters (CVE-2026-25165)

Critical remote code execution vulnerability in Windows Print Spooler Components (CVE-2026-23669)

Critical privilege escalation vulnerability in Windows Projected File System (CVE-2026-24290)

Critical privilege escalation vulnerability in Windows Resilient File System (ReFS) (CVE-2026-23673)

Critical remote code execution vulnerabilities in Windows Routing and Remote Access Service (RRAS) (CVE-2026-25172, CVE-2026-25173, CVE-2026-26111)

Critical privilege escalation vulnerabilities in Windows SMB Server (CVE-2026-24294, CVE-2026-26128)

Critical spoofing vulnerability in Windows Shell Link Processing (CVE-2026-25185)

Critical remote code execution vulnerability in Windows System Image Manager (CVE-2026-25166)

Critical privilege escalation vulnerability in Windows Telephony Service (CVE-2026-25188)

Critical privilege escalation vulnerability in Windows Universal Disk Format File System Driver (UDFS) (CVE-2026-23672)

Critical privilege escalation vulnerability in Windows Win32K (CVE-2026-24285)

Critical-grade privilege escalation vulnerability in Winlogon (CVE-2026-25187)

Other Products

Urgent-grade privilege escalation vulnerability in Payment Orchestrator Service (CVE-2026-26125)

 

Vulnerability Patches

 

The following product-specific vulnerability patches have been made available in the March 10, 2026 update. Please use the Windows Update feature for automatic installation or refer to the URLs in the product information below to download and install.