Microsoft's March 2026 Patch Tuesday addresses 77 vulnerabilities with no active zero-days. Key highlights include a publicly disclosed SQL Server privilege escalation flaw (CVE-2026-21262) allowing elevation to sysadmin, two critical Microsoft Office remote code execution bugs triggerable via the Preview Pane, and several privilege escalation flaws rated 'exploitation more likely' across Windows components. Notably, one critical RCE (CVE-2026-21536) was discovered by XBOW, an autonomous AI penetration testing agent, marking a significant milestone in AI-driven vulnerability research. Adobe patched 80 vulnerabilities across its products, and Mozilla Firefox 148.0.2 resolved three high-severity CVEs.
Sort: