March 2026 Security Updates
This release consists of the following 83 Microsoft CVEs:
Tag CVE Base Score CVSS Vector Exploitability FAQs? Workarounds? Mitigations?
System Center Operations Manager CVE-2026-20967
SQL Server CVE-2026-21262
Microsoft Devices Pricing Program CVE-2026-21536
Azure Compute Gallery CVE-2026-23651
GitHub Repo: zero-shot-scfoundation CVE-2026-23654
Windows App Installer CVE-2026-23656
Azure Portal Windows Admin Center CVE-2026-23660
Azure IoT Explorer CVE-2026-23661
Azure IoT Explorer CVE-2026-23662
Azure IoT Explorer CVE-2026-23664
Azure Linux Virtual Machines CVE-2026-23665
Broadcast DVR CVE-2026-23667
Microsoft Graphics Component CVE-2026-23668
Windows Print Spooler Components CVE-2026-23669
Windows Bluetooth RFCOM Protocol Driver CVE-2026-23671
Windows Universal Disk Format File System Driver (UDFS) CVE-2026-23672
Windows Resilient File System (ReFS) CVE-2026-23673
Windows MapUrlToZone CVE-2026-23674
Push Message Routing Service CVE-2026-24282
Windows File Server CVE-2026-24283
Windows Win32K CVE-2026-24285
Windows Kernel CVE-2026-24287
Windows Mobile Broadband CVE-2026-24288
Windows Kernel CVE-2026-24289
Windows Projected File System CVE-2026-24290
Windows Accessibility Infrastructure (ATBroker.exe) CVE-2026-24291
Connected Devices Platform Service (Cdpsvc) CVE-2026-24292
Windows Ancillary Function Driver for WinSock CVE-2026-24293
Windows SMB Server CVE-2026-24294
Windows Device Association Service CVE-2026-24295
Windows Device Association Service CVE-2026-24296
Windows Kerberos CVE-2026-24297
Windows Performance Counters CVE-2026-25165
Windows System Image Manager CVE-2026-25166
Microsoft Brokering File System CVE-2026-25167
Microsoft Graphics Component CVE-2026-25168
Microsoft Graphics Component CVE-2026-25169
Role: Windows Hyper-V CVE-2026-25170
Windows Authentication Methods CVE-2026-25171
Windows Routing and Remote Access Service (RRAS) CVE-2026-25172
Windows Routing and Remote Access Service (RRAS) CVE-2026-25173
Windows Extensible File Allocation CVE-2026-25174
Windows NTFS CVE-2026-25175
Windows Ancillary Function Driver for WinSock CVE-2026-25176
Active Directory Domain Services CVE-2026-25177
Windows Ancillary Function Driver for WinSock CVE-2026-25178
Windows Ancillary Function Driver for WinSock CVE-2026-25179
Microsoft Graphics Component CVE-2026-25180
Windows GDI+ CVE-2026-25181
Windows Shell Link Processing CVE-2026-25185
Windows Accessibility Infrastructure (ATBroker.exe) CVE-2026-25186
Winlogon CVE-2026-25187 7
Windows Telephony Service CVE-2026-25188
Windows DWM Core Library CVE-2026-25189
Windows GDI CVE-2026-25190
Microsoft Office SharePoint CVE-2026-26105
Microsoft Office SharePoint CVE-2026-26106
Microsoft Office Excel CVE-2026-26107
Microsoft Office Excel CVE-2026-26108
Microsoft Office Excel CVE-2026-26109
Microsoft Office CVE-2026-26110
Windows Routing and Remote Access Service (RRAS) CVE-2026-26111
Microsoft Office Excel CVE-2026-26112
Microsoft Office CVE-2026-26113
Microsoft Office SharePoint CVE-2026-26114
SQL Server CVE-2026-26115
SQL Server CVE-2026-26116
Azure Windows Virtual Machine Agent CVE-2026-26117
Azure MCP Server CVE-2026-26118
Azure IoT Explorer CVE-2026-26121
Azure Compute Gallery CVE-2026-26122
Microsoft Authenticator CVE-2026-26123
Azure Compute Gallery CVE-2026-26124 Payment Orchestrator Service CVE-2026-26125 8.6
.NET CVE-2026-26127
Windows SMB Server CVE-2026-26128
ASP.NET Core CVE-2026-26130
.NET CVE-2026-26131
Windows Kernel CVE-2026-26132
Microsoft Office CVE-2026-26134
Azure Arc CVE-2026-26141
Microsoft Office Excel CVE-2026-26144
We are republishing 10 non-Microsoft CVEs:
CNA Tag CVE FAQs? Workarounds? Mitigations?
GitHub Microsoft Semantic Kernel Python SDK CVE-2026-26030
Chrome Microsoft Edge (Chromium-based) CVE-2026-3536
Chrome Microsoft Edge (Chromium-based) CVE-2026-3538
Chrome Microsoft Edge (Chromium-based) CVE-2026-3539
Chrome Microsoft Edge (Chromium-based) CVE-2026-3540
Chrome Microsoft Edge (Chromium-based) CVE-2026-3541
Chrome Microsoft Edge (Chromium-based) CVE-2026-3542
Chrome Microsoft Edge (Chromium-based) CVE-2026-3543
Chrome Microsoft Edge (Chromium-based) CVE-2026-3544
Chrome Microsoft Edge (Chromium-based) CVE-2026-3545
Security Update Guide Blog Posts
Date Blog Post
October 31, 2025 You asked, we delivered: Introducing new features for an improved security experience
October 28, 2025 Understanding CVE-2025-55315: What CISOs, security engineers, and sysadmins should know
October 22, 2025 Toward greater transparency: Introducing machine-readable Vulnerability Exploitability Xchange (VEX) for Azure Linux and beyond
November 12, 2024 Toward greater transparency: Publishing machine-readable CSAF files
June 27, 2024 Toward greater transparency: Unveiling Cloud Service CVEs
April 9, 2024 Toward greater transparency: Security Update Guide now shares CWEs for CVEs
January 6, 2023 Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API
January 11, 2022 Coming Soon: New Security Update Guide Notification System
February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API
January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners
December 8, 2020 Security Update Guide: Let’s keep the conversation going
November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide
Relevant Resources
Released: Mar 10, 2026
March 2026 Security Updates - Release Notes - Security Update Guide - Microsoft
This release consists of the following 83 Microsoft CVEs:
Tag CVE Base Score CVSS Vector Exploitability FAQs? Workarounds? Mitigations?
System Center Operations Manager CVE-2026-20967
SQL Server CVE-2026-21262
Microsoft Devices Pricing Program CVE-2026-21536
Azure Compute Gallery CVE-2026-23651
GitHub Repo: zero-shot-scfoundation CVE-2026-23654
Windows App Installer CVE-2026-23656
Azure Portal Windows Admin Center CVE-2026-23660
Azure IoT Explorer CVE-2026-23661
Azure IoT Explorer CVE-2026-23662
Azure IoT Explorer CVE-2026-23664
Azure Linux Virtual Machines CVE-2026-23665
Broadcast DVR CVE-2026-23667
Microsoft Graphics Component CVE-2026-23668
Windows Print Spooler Components CVE-2026-23669
Windows Bluetooth RFCOM Protocol Driver CVE-2026-23671
Windows Universal Disk Format File System Driver (UDFS) CVE-2026-23672
Windows Resilient File System (ReFS) CVE-2026-23673
Windows MapUrlToZone CVE-2026-23674
Push Message Routing Service CVE-2026-24282
Windows File Server CVE-2026-24283
Windows Win32K CVE-2026-24285
Windows Kernel CVE-2026-24287
Windows Mobile Broadband CVE-2026-24288
Windows Kernel CVE-2026-24289
Windows Projected File System CVE-2026-24290
Windows Accessibility Infrastructure (ATBroker.exe) CVE-2026-24291
Connected Devices Platform Service (Cdpsvc) CVE-2026-24292
Windows Ancillary Function Driver for WinSock CVE-2026-24293
Windows SMB Server CVE-2026-24294
Windows Device Association Service CVE-2026-24295
Windows Device Association Service CVE-2026-24296
Windows Kerberos CVE-2026-24297
Windows Performance Counters CVE-2026-25165
Windows System Image Manager CVE-2026-25166
Microsoft Brokering File System CVE-2026-25167
Microsoft Graphics Component CVE-2026-25168
Microsoft Graphics Component CVE-2026-25169
Role: Windows Hyper-V CVE-2026-25170
Windows Authentication Methods CVE-2026-25171
Windows Routing and Remote Access Service (RRAS) CVE-2026-25172
Windows Routing and Remote Access Service (RRAS) CVE-2026-25173
Windows Extensible File Allocation CVE-2026-25174
Windows NTFS CVE-2026-25175
Windows Ancillary Function Driver for WinSock CVE-2026-25176
Active Directory Domain Services CVE-2026-25177
Windows Ancillary Function Driver for WinSock CVE-2026-25178
Windows Ancillary Function Driver for WinSock CVE-2026-25179
Microsoft Graphics Component CVE-2026-25180
Windows GDI+ CVE-2026-25181
Windows Shell Link Processing CVE-2026-25185
Windows Accessibility Infrastructure (ATBroker.exe) CVE-2026-25186
Winlogon CVE-2026-25187 7
Windows Telephony Service CVE-2026-25188
Windows DWM Core Library CVE-2026-25189
Windows GDI CVE-2026-25190
Microsoft Office SharePoint CVE-2026-26105
Microsoft Office SharePoint CVE-2026-26106
Microsoft Office Excel CVE-2026-26107
Microsoft Office Excel CVE-2026-26108
Microsoft Office Excel CVE-2026-26109
Microsoft Office CVE-2026-26110
Windows Routing and Remote Access Service (RRAS) CVE-2026-26111
Microsoft Office Excel CVE-2026-26112
Microsoft Office CVE-2026-26113
Microsoft Office SharePoint CVE-2026-26114
SQL Server CVE-2026-26115
SQL Server CVE-2026-26116
Azure Windows Virtual Machine Agent CVE-2026-26117
Azure MCP Server CVE-2026-26118
Azure IoT Explorer CVE-2026-26121
Azure Compute Gallery CVE-2026-26122
Microsoft Authenticator CVE-2026-26123
Azure Compute Gallery CVE-2026-26124 Payment Orchestrator Service CVE-2026-26125 8.6
.NET CVE-2026-26127
Windows SMB Server CVE-2026-26128
ASP.NET Core CVE-2026-26130
.NET CVE-2026-26131
Windows Kernel CVE-2026-26132
Microsoft Office CVE-2026-26134
Azure Arc CVE-2026-26141
Microsoft Office Excel CVE-2026-26144
We are republishing 10 non-Microsoft CVEs:
CNA Tag CVE FAQs? Workarounds? Mitigations?
GitHub Microsoft Semantic Kernel Python SDK CVE-2026-26030
Chrome Microsoft Edge (Chromium-based) CVE-2026-3536
Chrome Microsoft Edge (Chromium-based) CVE-2026-3538
Chrome Microsoft Edge (Chromium-based) CVE-2026-3539
Chrome Microsoft Edge (Chromium-based) CVE-2026-3540
Chrome Microsoft Edge (Chromium-based) CVE-2026-3541
Chrome Microsoft Edge (Chromium-based) CVE-2026-3542
Chrome Microsoft Edge (Chromium-based) CVE-2026-3543
Chrome Microsoft Edge (Chromium-based) CVE-2026-3544
Chrome Microsoft Edge (Chromium-based) CVE-2026-3545
Security Update Guide Blog Posts
Date Blog Post
October 31, 2025 You asked, we delivered: Introducing new features for an improved security experience
October 28, 2025 Understanding CVE-2025-55315: What CISOs, security engineers, and sysadmins should know
October 22, 2025 Toward greater transparency: Introducing machine-readable Vulnerability Exploitability Xchange (VEX) for Azure Linux and beyond
November 12, 2024 Toward greater transparency: Publishing machine-readable CSAF files
June 27, 2024 Toward greater transparency: Unveiling Cloud Service CVEs
April 9, 2024 Toward greater transparency: Security Update Guide now shares CWEs for CVEs
January 6, 2023 Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API
January 11, 2022 Coming Soon: New Security Update Guide Notification System
February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API
January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners
December 8, 2020 Security Update Guide: Let’s keep the conversation going
November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide
Relevant Resources
- The new Hotpatching feature is now generally available. Please see Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.
- Windows 10 and Windows 11 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10 and Windows 11, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see Windows Lifecycle Facts Sheet.
- Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
- A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
- In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
- Customers running Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.
Released: Mar 10, 2026
March 2026 Security Updates - Release Notes - Security Update Guide - Microsoft
My Computer
System One
-
- OS
- Windows 11
