CP
cyberpings
VulnerabilitiesHIGH

March Patch Tuesday Fixes 84 Vulnerabilities Across 15 Products

SOSophos News
Patch TuesdayMicrosoftCVE-2026-26110CVE-2026-26113CVE-2026-26144
🎯

Basically, Microsoft fixed 84 security issues in various products this month.

Quick Summary

Microsoft's March Patch Tuesday addressed 84 vulnerabilities across various products. Eight are critical, but none affect Windows directly. Stay updated to protect your systems from potential exploits.

What Happened

On March Patch Tuesday, Microsoft rolled out 84 patches affecting 15 different product families. Among these, eight vulnerabilities were classified as Critical severity. However, it's noteworthy that none of these critical issues affect Windows directly, which is a relief for many users. Microsoft has indicated that these vulnerabilities are not expected to be exploited within the next 30 days, providing a window for users to apply the necessary updates.

Interestingly, five of the eight critical vulnerabilities were addressed prior to Patch Tuesday, showcasing Microsoft’s proactive approach. This month’s patch set includes a variety of vulnerabilities, with 22 having a CVSS base score of 8.0 or higher, indicating their potential severity. One vulnerability even scored a staggering 9.8, marking it as particularly concerning.

Who's Affected

The vulnerabilities patched this month span a wide range of Microsoft products, including lesser-known software that many users may not even be aware of. For instance, the Microsoft Devices Pricing Program and Payment Orchestrator Service were among those affected by critical vulnerabilities. This highlights that even if you don't use Windows, you could be impacted by vulnerabilities in other Microsoft services.

Moreover, the vulnerabilities include various types of risks such as Denial of Service, Elevation of Privilege, and Remote Code Execution. This broad scope means that many organizations relying on Microsoft products should take note of these updates to ensure their systems remain secure.

Patch Status

Microsoft has provided a detailed list of patches, sorted by severity and product family. The company has also noted that six CVEs are considered more likely to be exploited in the coming weeks. Users are encouraged to apply these patches as soon as possible to mitigate risks. Notably, the vulnerabilities affecting Microsoft Office have been highlighted, particularly those related to Remote Code Execution, which could allow attackers to execute malicious code on a user's machine.

For those using Sophos protections, specific vulnerabilities have been flagged as detectable, which can help organizations bolster their defenses against potential exploitation. It’s crucial for users to stay informed about which patches apply to their systems and to act promptly.

Immediate Actions

To protect yourself, ensure that your systems are updated with the latest patches released by Microsoft. Here are some recommended actions:

  • Check for Updates: Regularly check for updates through the Windows Update Catalog to ensure you have the latest security patches.
  • Implement Sophos Protections: If you're using Sophos, verify that your protections are active and updated to detect the vulnerabilities patched this month.
  • Educate Your Team: Make sure your IT team is aware of these vulnerabilities and understands how to apply the necessary patches effectively.

By taking these steps, you can minimize the risk of exploitation and maintain a secure environment in your organization.

💡 Tap dotted terms for explanations

🔒 Pro insight: The absence of Windows vulnerabilities this month is unusual; however, vigilance is still essential for other affected products.

Original article from

Sophos News

Read Full Article

Share

Related Pings

CRITICALVulnerabilities

Critical RRAS RCE Vulnerabilities Patched in Windows 11

Microsoft released a hotpatch for critical RRAS vulnerabilities in Windows 11. These flaws could allow hackers to execute code remotely. Users should ensure their systems are updated to protect against potential attacks.

Cyber Security News·
HIGHVulnerabilities

FortiGate Firewalls Targeted in High-Severity Exploit Wave

FortiGate firewalls are under attack as hackers exploit critical vulnerabilities. Organizations using these firewalls are at risk of credential theft and network breaches. Immediate patching and credential rotation are essential to mitigate these threats.

Cyber Security News·
HIGHVulnerabilities

Microsoft Issues Urgent Hotpatch for Windows 11 RCE Vulnerability

Microsoft has released a critical hotpatch for Windows 11 to fix serious vulnerabilities. Affected devices include Windows 11 Enterprise systems. This update is crucial to prevent remote code execution that could compromise sensitive data.

BleepingComputer·
CRITICALVulnerabilities

Critical Vulnerability in HPE AOS-CX Allows Password Resets

The Flaw Hewlett Packard Enterprise (HPE) has reported a critical-severity vulnerability in its Aruba Networking AOS-CX switches, tracked as CVE-2026-23813. This vulnerability has a CVSS score of 9.8, indicating its severity. It allows attackers to reset administrator passwords remotely and without any authentication, effectively bypassing existing security measures. This flaw affects various models, including the CX 4100i, CX 6000,

SecurityWeek·
HIGHVulnerabilities

Critical LangSmith Vulnerability Exposes Users to Account Takeover

A critical vulnerability in LangSmith could allow hackers to take over user accounts. This flaw affects users who rely on LangSmith for AI data monitoring. Immediate action is required to ensure security and protect sensitive information.

Cyber Security News·
HIGHVulnerabilities

Windows 11 Bug Locks Users Out of System Drive C

A critical bug in Windows 11 is locking users out of their system drives. Affected Samsung devices are unable to access essential applications. Microsoft is investigating the issue and advises users to wait for a patch.

Cyber Security News·