MICROSOFT Patch Tuesday security updates for March 2026 fixed 84 bugs across Windows, Office, Edge, Azure, SQL Server, Hyper-V and ReFS, with the total including third‑party and Chromium updates reaching 94 vulnerabilities. Eight flaws are rated Critical and the remainder Important, with two publicly disclosed vulnerabilities, CVE-2026-26127 and CVE-2026-21262, not currently known to be actively exploited.
Other notable flaws addressed include CVE-2026-21536, a high‑severity remote code execution issue in Microsoft Devices Pricing Program services, and CVE-2026-26110, which enables remote code execution in Microsoft Office via malicious files processed in the Preview Pane. None of the flaws are known to be exploited so far, according to MSRC. The full list of CVEs addressed by these March 2026 updates is available on the Microsoft Update Guide release note for 2026‑Mar.