Microsoft’s monthly Patch Tuesday is first in 6 months with no actively exploited zero-days

Microsoft's March 2026 Patch Tuesday, released on March 10, 2026, marked a notable deviation from recent trends, as it contained no actively exploited zero-day vulnerabilities. This represents the first such monthly security update without active zero-day threats in six months¹. The comprehensive bulletin addressed 83 distinct vulnerabilities across Microsoft’s extensive portfolio of enterprise software and cloud services. While no zero-days were under active exploitation, Microsoft identified six other defects within this batch of patches that it classified as 'more likely to be exploited,' indicating a persistent, albeit lower-level, threat. This period without actively exploited critical flaws stands in stark contrast to previous updates, including the month prior, when Microsoft disclosed six actively exploited zero-day vulnerabilities. The temporary absence of immediate zero-day threats provides a momentary reprieve, allowing security teams to focus on broader patch management and hardening strategies without the typical immediate scramble to mitigate known active exploits, underscoring the dynamic nature of threat landscapes.