Microsoft's March Patch Tuesday addresses 83 CVEs, a larger release than February's 63-patch update but one that security experts describe as relatively low-urgency. Only one vulnerability received a near-maximum CVSS score (9.8), an RCE flaw already patched by Microsoft. Elevation of privilege bugs dominate at 55.4% of patched CVEs, with three Windows kernel EoP flaws flagged as more likely to be exploited. Two Microsoft Office RCE vulnerabilities (CVE-2026-26113 and CVE-2026-26110) are notable because the Preview Pane is an attack vector, requiring no user interaction with a malicious file. Two GDI/GDI+ vulnerabilities, when chained, could enable a sophisticated dual-stage attack. Two publicly known zero-days are present but assessed as low-threat. Experts recommend applying patches after normal testing cycles with no need to rush.

From darkreading.com