Microsoft’s March Patch Tuesday has arrived, bringing practically 80 fixes for the whole lot out of your Excel spreadsheets to the center of company SQL servers.
Whereas we dodged the chaos of lively zero-day assaults this month, don’t let your guard down simply but. Microsoft has nonetheless rolled out an enormous batch of updates to plug holes that would let strangers take over your PC or sneak a peek at your personal recordsdata.
One of many largest considerations this month isn’t a posh hack; it’s one thing so simple as taking a look at a file. Two main flaws in Microsoft Workplace (CVE-2026-26113 and CVE-2026-26110) enable hackers to run their very own malicious code in your pc simply by having you view a rigged doc within the “Preview Pane.”
Jack Bicer, Director of Vulnerability Analysis at Action1, instructed TechRepublic that this can be a high-priority situation.
“Notably, the Preview Pane can function an assault vector, which means exploitation could happen just by viewing a malicious file. When a easy doc preview can set off code execution, attackers acquire a doorway immediately into the system,” Bicer mentioned.
Mike Walters, president and co-founder of Action1, echoed this warning when discussing the second Workplace flaw, telling TechRepublic:
“A single reminiscence dealing with mistake inside Workplace can enable attackers to run their very own code, turning an unusual doc into a possible system takeover… Even a single malicious doc may compromise an endpoint and provides attackers a foothold contained in the group.”
Excel and the AI threat
Should you use Microsoft’s new AI instruments, you’ll wish to pay further consideration to a bug in Excel (CVE-2026-26144). This “data disclosure” flaw may enable an attacker to trick Excel, particularly its Copilot Agent mode, into leaking delicate knowledge throughout a community with out you realizing.
Alex Vovk, CEO and Co-Founding father of Action1, famous that such leaks are silent however lethal for companies.
“Data disclosure vulnerabilities are particularly harmful in company environments the place Excel recordsdata usually comprise monetary knowledge, mental property, or operational information. If exploited, attackers may silently extract confidential data from inside techniques with out triggering apparent alerts,” Vovk famous.
The general public zero-days
Although hackers weren’t utilizing them but, two flaws have been publicly disclosed, which means the blueprints for learn how to exploit them have been already out within the open.
- CVE-2026-21262: A bug in SQL Server that lets somebody with primary entry quietly promote themselves to a sysadmin.
- CVE-2026-26127: A flaw within the .NET framework that could possibly be used to remotely crash purposes, successfully knocking companies offline.
In keeping with Bicer, though the general variety of patches is under the yearly common, it’s nonetheless a heavy elevate for IT groups.
“This Patch Tuesday contains 78 vulnerability fixes from Microsoft, above final month’s 55 patches however under its 12-month shifting common of 93, with three rated essential.” He instructed TechRepublic. “Whereas there aren’t any zero-day vulnerabilities reported this time, the variety of patches and several other essential points imply it’s nonetheless an replace price prioritizing.”
AI helps with the invention of a 9.8 menace
In an enchanting twist, probably the most extreme bug of the month (rated an almost excellent 9.8 out of 10 for hazard) wasn’t discovered by a human. CVE-2026-21536, which impacts the Microsoft Units Pricing Program, was found by an autonomous AI agent referred to as XBOW.
Whereas Microsoft has already patched this one on its finish, it marks a shift within the arms race between safety researchers and hackers, exhibiting that AI can now discover complicated holes in software program totally by itself.
What it is best to do
For many of us, the recommendation stays the identical: head to your Home windows Replace settings and click on “Test for updates.” Should you can’t replace your Workplace apps instantly, safety specialists recommend disabling the Preview Pane in your file explorer as a short lived defend in opposition to these malicious doc assaults.
Additionally learn: In one other rising menace, hackers are impersonating IT workers on Microsoft Groups to trick staff into putting in malware and acquire stealthy entry to company networks.
