Microsoft Patches 77 Vulnerabilities in March 2026 Patch Tuesday

Microsoft released its March 2026 Patch Tuesday security updates today, addressing 77 vulnerabilities across Windows operating systems, Microsoft Office, Azure, and other enterprise software. This month's release marks a significant decrease from February's security bulletin, which included active zero-day exploitation. The company's Security Response Center confirmed that none of the 77 vulnerabilities disclosed this month are currently being exploited in the wild, providing administrators a relative reprieve from emergency patching demands.

Of the 77 vulnerabilities addressed, 14 are classified as Critical severity, affecting core Windows components including the Windows Kernel, Secure Boot, and Hyper-V virtualization platform. The remaining 63 are rated Important or Moderate. Notable critical fixes include patches for remote code execution vulnerabilities in Microsoft Message Queuing (CVE-2026-0147) and a privilege escalation flaw in the Windows Network File System (CVE-2026-0189). Security researchers at Cisco Talos and Qualys identified several of these vulnerabilities during responsible disclosure programs coordinated with Microsoft's Security Response Center.

Organizations running Windows 11 version 23H2, Windows Server 2025, and Microsoft Exchange Server 2019 are advised to prioritize updates addressing memory corruption vulnerabilities in the Windows Filtering Platform and authentication bypass issues in Exchange's backend services. Microsoft's update catalog indicates that enterprise deployments utilizing Microsoft Intune for patch management will receive automated deployment starting March 10, 2026. IT security teams should verify that legacy systems running Windows Server 2012 R2, which reaches end-of-support in October 2026, are included in testing cycles given extended support limitations.