Threat intelligence

Microsoft Security Bulletin Coverage for March 2026

by Security News

Overview

Microsoft’s March 2026 Patch Tuesday includes 84 vulnerabilities, 45 of which are Elevation of Privilege. The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for March 2026 and has produced coverage for six of the reported vulnerabilities.

Vulnerabilities with Detections

| CVE | CVE Title | Signature |
| --- | --- | --- |
| CVE-2026-23668 | Windows Graphics Component Elevation of Privilege Vulnerability | ASPY 7190 Exploit-exe exe.MP_499 |
| CVE-2026-24289 | Windows Kernel Elevation of Privilege Vulnerability | ASPY 7191 Exploit-exe exe.MP_502 |
| CVE-2026-24291 | Windows Accessibility Infrastructure (ATBroker.exe) Elevation of Privilege Vulnerability | ASPY 7192 Exploit-exe exe.MP_503 |
| CVE-2026-24294 | Windows SMB Server Elevation of Privilege Vulnerability | IPS 4615 Windows SMB Server Elevation of Privilege (CVE-2026-24294) |
| CVE-2026-25187 | Winlogon Elevation of Privilege Vulnerability | ASPY 673 Exploit-exe exe.MP_501 |
| CVE-2026-26132 | Windows Kernel Elevation of Privilege Vulnerability | ASPY 671 Exploit-exe exe.MP_500 |

Release Breakdown

The vulnerabilities can be classified into the following categories:

[Chart: vulnerabilities by impact]

[Chart: vulnerabilities by severity]

For March there are 8 critical and 76 important vulnerabilities.

[Chart: vulnerability count]

[Chart: exploited and publicly disclosed vulnerabilities]

Microsoft tracks vulnerabilities that are being actively exploited at the time of discovery and those that have been disclosed publicly before the Patch Tuesday release for each month. The above chart displays these metrics as seen each month.

[Chart: exploitability assessment]

Release Detailed Breakdown

Denial of Service Vulnerabilities

| CVE | CVE Title |
| --- | --- |
| CVE-2026-25168 | Windows Graphics Component Denial of Service Vulnerability |
| CVE-2026-25169 | Windows Graphics Component Denial of Service Vulnerability |
| CVE-2026-26127 | .NET Denial of Service Vulnerability |
| CVE-2026-26130 | ASP.NET Core Denial of Service Vulnerability |

Elevation of Privilege Vulnerabilities

| CVE | CVE Title |
| --- | --- |
| CVE-2026-20967 | System Center Operations Manager (SCOM) Elevation of Privilege Vulnerability |
| CVE-2026-21262 | SQL Server Elevation of Privilege Vulnerability |
| CVE-2026-23651 | Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability |
| CVE-2026-23660 | Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability |
| CVE-2026-23665 | Linux Azure Diagnostic extension (LAD) Elevation of Privilege Vulnerability |
| CVE-2026-23667 | Broadcast DVR Elevation of Privilege Vulnerability |
| CVE-2026-23668 | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2026-23671 | Windows Bluetooth RFCOM Protocol Driver Elevation of Privilege Vulnerability |
| CVE-2026-23672 | Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability |
| CVE-2026-23673 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability |
| CVE-2026-24283 | Multiple UNC Provider Kernel Driver Elevation of Privilege Vulnerability |
| CVE-2026-24285 | Win32k Elevation of Privilege Vulnerability |
| CVE-2026-24287 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2026-24289 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2026-24290 | Windows Projected File System Elevation of Privilege Vulnerability |
| CVE-2026-24291 | Windows Accessibility Infrastructure (ATBroker.exe) Elevation of Privilege Vulnerability |
| CVE-2026-24292 | Windows Connected Devices Platform Service Elevation of Privilege Vulnerability |
| CVE-2026-24293 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2026-24294 | Windows SMB Server Elevation of Privilege Vulnerability |
| CVE-2026-24295 | Windows Device Association Service Elevation of Privilege Vulnerability |
| CVE-2026-24296 | Windows Device Association Service Elevation of Privilege Vulnerability |
| CVE-2026-25165 | Performance Counters for Windows Elevation of Privilege Vulnerability |
| CVE-2026-25167 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
| CVE-2026-25170 | Windows Hyper-V Elevation of Privilege Vulnerability |
| CVE-2026-25171 | Windows Authentication Elevation of Privilege Vulnerability |
| CVE-2026-25174 | Windows Extensible File Allocation Table Elevation of Privilege Vulnerability |
| CVE-2026-25175 | Windows NTFS Elevation of Privilege Vulnerability |
| CVE-2026-25176 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2026-25177 | Active Directory Domain Services Elevation of Privilege Vulnerability |
| CVE-2026-25178 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2026-25179 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2026-25187 | Winlogon Elevation of Privilege Vulnerability |
| CVE-2026-25188 | Windows Telephony Service Elevation of Privilege Vulnerability |
| CVE-2026-25189 | Windows DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2026-26115 | SQL Server Elevation of Privilege Vulnerability |
| CVE-2026-26116 | SQL Server Elevation of Privilege Vulnerability |
| CVE-2026-26117 | Arc Enabled Servers - Azure Connected Machine Agent Elevation of Privilege Vulnerability |
| CVE-2026-26118 | Azure MCP Server Tools Elevation of Privilege Vulnerability |
| CVE-2026-26124 | Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability |
| CVE-2026-26125 | Payment Orchestrator Service Elevation of Privilege Vulnerability |
| CVE-2026-26128 | Windows SMB Server Elevation of Privilege Vulnerability |
| CVE-2026-26131 | .NET Elevation of Privilege Vulnerability |
| CVE-2026-26132 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2026-26141 | Hybrid Worker Extension (Arc‑enabled Windows VMs) Elevation of Privilege Vulnerability |
| CVE-2026-26148 | Microsoft Azure AD SSH Login extension for Linux Elevation of Privilege Vulnerability |

Information Disclosure Vulnerabilities

| CVE | CVE Title |
| --- | --- |
| CVE-2026-23661 | Azure IoT Explorer Information Disclosure Vulnerability |
| CVE-2026-23662 | Azure IoT Explorer Information Disclosure Vulnerability |
| CVE-2026-23664 | Azure IoT Explorer Information Disclosure Vulnerability |
| CVE-2026-24282 | Push message Routing Service Elevation of Privilege Vulnerability |
| CVE-2026-25180 | Windows Graphics Component Information Disclosure Vulnerability |
| CVE-2026-25181 | GDI+ Information Disclosure Vulnerability |
| CVE-2026-25186 | Windows Accessibility Infrastructure (ATBroker.exe) Information Disclosure Vulnerability |
| CVE-2026-26122 | Microsoft ACI Confidential Containers Information Disclosure Vulnerability |
| CVE-2026-26123 | Microsoft Authenticator Information Disclosure Vulnerability |
| CVE-2026-26134 | Microsoft Office Elevation of Privilege Vulnerability |
| CVE-2026-26144 | Microsoft Excel Information Disclosure Vulnerability |

Remote Code Execution Vulnerabilities

| CVE | CVE Title |
| --- | --- |
| CVE-2026-21536 | Microsoft Devices Pricing Program Remote Code Execution Vulnerability |
| CVE-2026-23654 | GitHub: Zero Shot SCFoundation Remote Code Execution Vulnerability |
| CVE-2026-23669 | Windows Print Spooler Remote Code Execution Vulnerability |
| CVE-2026-24288 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
| CVE-2026-25166 | Windows System Image Manager Assessment and Deployment Kit (ADK) Remote Code Execution Vulnerability |
| CVE-2026-25172 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2026-25173 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2026-25190 | GDI Remote Code Execution Vulnerability |
| CVE-2026-26106 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2026-26107 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2026-26108 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2026-26109 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2026-26110 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2026-26111 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2026-26112 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2026-26113 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2026-26114 | Microsoft SharePoint Server Remote Code Execution Vulnerability |

Security Feature Bypass Vulnerabilities

| CVE | CVE Title |
| --- | --- |
| CVE-2026-23674 | MapUrlToZone Security Feature Bypass Vulnerability |
| CVE-2026-24297 | Windows Kerberos Security Feature Bypass Vulnerability |
| CVE-2026-26143 | Microsoft PowerShell Security Feature Bypass Vulnerability |

Spoofing Vulnerabilities

| CVE | CVE Title |
| --- | --- |
| CVE-2026-23656 | Windows App Installer Spoofing Vulnerability |
| CVE-2026-25185 | Windows Shell Link Processing Spoofing Vulnerability |
| CVE-2026-26105 | Microsoft SharePoint Server Spoofing Vulnerability |
| CVE-2026-26121 | Azure IOT Explorer Spoofing Vulnerability |


The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.
