Microsoft Patches 83 Vulnerabilities – SecurityWeek – Cyber Tech
Microsoft on Tuesday announced patches for 83 vulnerabilities affecting its products.
While none of the bugs have been flagged as exploited, two of them have been publicly disclosed, Microsoft’s advisories reveal.
These include CVE-2026-26127, a denial-of-service (DoS) issue in .NET, and CVE-2026-21262, an elevation of privilege defect in SQL Server.
“These bugs are more bark than bite. The DoS vulnerability is assessed as unlikely to be exploited and requires an attacker to be authorized beforehand, while the privilege escalation bug was deemed less likely to be exploited,” Tenable researcher Satnam Narang points out.
Microsoft’s March 2026 Patch Tuesday updates resolve a single critical-severity flaw, namely CVE-2026-21536 (CVSS score of 9.8), a remote code execution weakness in Devices Pricing Program that has already been fully mitigated by the tech giant.
“There is no action for users of this service to take. The purpose of this CVE is to provide further transparency,” the company notes.
Another security defect that stands out is CVE-2026-26118, an elevation of privilege issue in Azure MCP Server Tools that could be exploited by sending specially crafted input to a server application that accepts user-supplied parameters.
“If the attacker can interact with the MCP‑backed agent, they can submit a malicious URL in place of a normal Azure resource identifier. The MCP Server then sends an outbound request to that URL and, in doing so, may include its managed identity token. This allows the attacker to capture that token without requiring administrative access,” Microsoft notes.
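The advisory text above implies two defensive checks: refuse any parameter that is not shaped like an Azure resource identifier, and never attach a token to a request whose host the caller could influence. The sketch below is an added example, not Microsoft's fix or code from the article; the function names, the resource ID pattern and the single allowlisted host are assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: the only host this hypothetical tool may ever send its token to.
TOKEN_AUDIENCE_HOSTS = {"management.azure.com"}

# Expected shape of an ARM resource ID (assumed pattern, stricter than a URL):
# /subscriptions/<guid>/resourceGroups/<rg>/providers/<namespace>/<type>/<name>
ARM_ID = re.compile(
    r"/subscriptions/[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
    r"/resourceGroups/[-\w.()]{1,90}"
    r"/providers/[A-Za-z0-9.]+(?:/[-\w.]+){2,}"
)


class RejectedInput(ValueError):
    """Raised when a user-supplied parameter is not a resource identifier."""


def parse_resource_id(value: str) -> str:
    """Accept an ARM resource ID only; URLs and anything else are refused."""
    if not isinstance(value, str) or not ARM_ID.fullmatch(value):
        raise RejectedInput("not an Azure resource identifier")
    return value


def authorize(url: str, token: str) -> dict:
    """Attach the bearer token only for https requests to an allowlisted host."""
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname not in TOKEN_AUDIENCE_HOSTS:
        return {}  # no credentials leave the process for this destination
    return {"Authorization": f"Bearer {token}"}


def build_request(resource_id: str, token: str):
    """Return (url, headers); the host is fixed, the caller supplies only a path."""
    path = parse_resource_id(resource_id)
    url = f"https://management.azure.com{path}"
    return url, authorize(url, token)
```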
Narang says that the privilege escalation bugs in Windows Graphics Component, Windows Accessibility Infrastructure, Windows Kernel, Windows SMB Server, and Winlogon may require attention, as such vulnerabilities are often exploited following initial access.
According to Fortra associate director Tyler Reguly, users should also pay attention to five Azure security defects addressed this month.
These include an elevation of privilege issue in Azure Linux Virtual Machines (CVE-2026-23665), and one spoofing and three information disclosure flaws in Azure IoT Explorer (CVE-2026-26121, CVE-2026-23661, CVE-2026-23662, and CVE-2026-23664).
These bugs, Reguly points out, require non-standard patching mechanisms, which may require additional effort from IT teams.
“CSOs should ensure that they have solid asset inventories around the deployment of cloud-related systems and tools, so that admins know where these things exist and when they need to be fixed. This is the best way to empower your sys admins and security teams on a quiet month like this,” Reguly said.
Microsoft also announced fixes for 10 non-Microsoft CVEs, including a flaw in Microsoft Semantic Kernel Python SDK, and nine in Microsoft Edge (which is based on Chromium).
On Tuesday, Adobe announced the rollout of patches for 80 vulnerabilities across its products, including high-severity flaws in Adobe Commerce.
