Service Notices
Microsoft Releases March 2026 Security Updates
Mar 16, 2026 GMT+08:00
I.Overview
Huawei Cloud noticed that Microsoft has released its March 2026 Security Updates. A total of 78 security vulnerabilities have been disclosed, among which 3 are marked as important vulnerabilities. Attackers can exploit these vulnerabilities to implement information breach, privilege escalation, and remote code execution. The affected applications include Microsoft Windows, Microsoft Office, SQL Server, and Azure.
For details, visit the Microsoft official website:
https://msrc.microsoft.com/update-guide/releaseNote/2026-Mar
The following vulnerabilities require close attention as they have been publicly disclosed or exploited in the wild:
Privilege escalation vulnerability in SQL Server (CVE-2026-21262): An authenticated attacker can exploit this vulnerability to obtain the SQL system administrator permissions due to improper access control in SQL Server. The vulnerability has been disclosed, and the risk is high.
.NET DoS vulnerability (CVE-2026-26127): Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network. The vulnerability has been disclosed, and the risk is high.
6 vulnerabilities (such as CVE-2026-24294, CVE-2026-25187, and CVE-2026-26132) are marked as Exploitation More Likely. For details, see the official announcement. Please perform security self-check and security hardening in a timely manner to reduce attack risks.
II.Severity
Severity: important
(Severity: low, moderate, important, and critical)
III. Affected Products
Microsoft Windows, Microsoft Office, SQL Server, Azure, and other products.
IV.Vulnerability Details
|
CVE ID |
Vulnerability Name |
Severity |
Vulnerability Description |
|
CVE-2026-26110 |
Microsoft Office Remote Code Execution Vulnerability |
Major |
Access of resource using an incompatible type ("type confusion") in Microsoft Office allows an unauthorized attacker to execute code locally. |
|
CVE-2026-26144 |
Microsoft Excel information disclosure vulnerability |
Major |
Improper neutralization of input during web page generation (cross-site scripting) in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network. |
|
CVE-2026-26113 |
Microsoft Office Remote Code Execution Vulnerability |
Major |
Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally. |
(Note: Vulnerabilities listed above are important ones. For more information, refer to the official website of Microsoft.)
V. Security Recommendations
1. Use Windows Update or download patches from the following address to fix the vulnerabilities:
https://msrc.microsoft.com/update-guide
2. Back up data remotely to protect your data.
Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.