Microsoft has released patches for 77 vulnerabilities as part of its March 2026 Patch Tuesday, including a zero-day remote elevation of privilege (EoP) flaw in SQL Server that affects all versions. Two of the vulnerabilities are already publicly known, but there is currently no evidence of exploitation in the wild. Earlier in the month, Microsoft had already addressed nine browser vulnerabilities with separate patches. The SQL Server zero-day is particularly notable because it allows remote exploitation, which calls for immediate attention from administrators. Public disclosure without known exploitation suggests that attackers may be preparing to leverage these vulnerabilities, making prompt patching crucial [1]. Practitioners should quickly assess their exposure to these vulnerabilities and take swift action to secure their systems: the window for patching is already narrowing, and attacks may be imminent.
Patch Tuesday - March 2026
⚡ High Priority
Why This Matters
Zero-day activity targeting CISA means patching windows are already closing — assess your exposure immediately.
References
- Rapid7. (2026, March 10). Patch Tuesday - March 2026. Rapid7 Blog. https://www.rapid7.com/blog/post/em-patch-tuesday-march-2026
Original Source
Rapid7 Blog