Microsoft has released patches for 83 vulnerabilities across its products. None of the flaws is flagged as exploited in the wild, and two publicly disclosed CVEs are highlighted: CVE-2026-26127, a denial-of-service (DoS) flaw in .NET, and CVE-2026-21262, an elevation of privilege in SQL Server. The updates also fix CVE-2026-21536, a critical remote code execution weakness in the Devices Pricing Program, which has been fully mitigated by Microsoft and requires no user action.
Another notable fix is CVE-2026-26118, an elevation of privilege issue in Azure MCP Server Tools, which could be exploited by sending specially crafted input to a server tool that accepts user-supplied parameters. Fortra associate director Tyler Reguly notes additional Azure fixes, including an elevation of privilege in Azure Linux Virtual Machines (CVE-2026-23665) and several flaws in Azure IoT Explorer (CVE-2026-26121, CVE-2026-23661, CVE-2026-23662, CVE-2026-23664).
These patches, released on Microsoft’s March 2026 Patch Tuesday, also address 10 non-Microsoft CVEs, including a flaw in the Microsoft Semantic Kernel Python SDK and nine in Microsoft Edge. Microsoft emphasises that no action is required from users of the Devices Pricing Program. The report was written on 10 March 2026. According to the article, Tenable’s Satnam Narang also comments on the relative severity and exploit likelihood of the flaws.