patch tuesday 2026

Microsoft issued security updates on March 10, 2026 that address CVE-2026-26118, a high‑severity elevation‑of‑privilege vulnerability in the Azure MCP (Model Context Protocol) Server Tools family that security researchers and multiple vendor trackers describe as a server‑side request forgery...

Microsoft’s March 10, 2026 security roll‑up added a sharp new item to defenders’ to‑do lists: CVE‑2026‑26134, a Microsoft Office vulnerability described by the vendor as an integer overflow or wraparound that can be leveraged by an authorized local user to achieve elevation of privilege, and...

Microsoft released a security update on March 10, 2026 addressing an authenticated, network-based elevation-of-privilege (EoP) vulnerability in System Center Operations Manager (SCOM) tracked as CVE-2026-20967 — a bug stemming from improper input validation that can allow an authorized but...

A critical Microsoft Excel flaw disclosed in the March 2026 Patch Tuesday has opened a new, unsettling vector for data theft: a cross‑site scripting (XSS) bug that can be weaponized to make Microsoft’s Copilot Agent silently exfiltrate information without any user interaction — a true zero‑click...

Microsoft has recorded CVE‑2026‑25180 as an information disclosure defect in the Windows Graphics Component — an out‑of‑bounds read that can permit an unprivileged, local actor to leak sensitive memory from affected systems — and administrators should treat the advisory as actionable: verify...

Microsoft released a security update on March 10, 2026 that addresses CVE‑2026‑24297, a Windows Kerberos "Security Feature Bypass" vulnerability caused by a race condition in the Kerberos implementation; Microsoft classifies the flaw as Important and has published a patch as part of the March...

Microsoft has recorded CVE-2026-24295 as an Important local elevation‑of‑privilege vulnerability in the Windows Device Association Service (service name: DeviceAssociation), and administrators should treat the entry as a verified vendor advisory while urgently mapping it to their SKU-specific...

Microsoft has published an advisory for CVE-2026-24288, a heap-based buffer overflow in the Windows Mobile Broadband driver that Microsoft classifies as an Important remote code execution risk and for which a patch was released on March 10, 2026; administrators should treat this as urgent for...

Microsoft released the February 2026 Patch Tuesday cumulative updates for Windows 11 — KB5077181 for Windows 11 versions 25H2 and 24H2, and KB5075941 for 23H2 — delivering this month's security fixes, servicing stack updates, and several quality improvements. These packages do not introduce...

Microsoft’s February 10, 2026 cumulative updates for Windows 11 quietly carried more than routine security fixes — they continued a staged rollout that will refresh the operating system’s Secure Boot certificate chain ahead of a looming expiry window that begins in June 2026. What looks like a...

Microsoft’s February Patch Tuesday closed a dangerous loophole in the modern Notepad app that could let an attacker turn a simple Markdown (.md) file into a remote code execution (RCE) trap — a single click on a crafted link inside Notepad’s Markdown view could launch unverified protocols and...

Microsoft’s Security Update Guide records a new entry for CVE-2026-21533 — an Elevation of Privilege (EoP) vulnerability in Windows Remote Desktop Services (RDS) — and security vendors pushed detection and IPS signatures the same day as February’s Patch Tuesday, making this a high‑priority item...

Microsoft’s January update roll-out has already cost IT teams a sleepless weekend and forced two emergency fixes inside a single fortnight — a chaotic start to Windows 11 patching in 2026 that raises fresh questions about testing, packaging, and communication for Microsoft’s flagship desktop OS...

Millions of Windows gamers woke up to worse frame rates and unexplained stutters after January’s cumulative, and the fastest way back to smooth play is methodical: confirm the cause, update or reinstall the GPU driver cleanly, and only use Windows rollback as a last‑resort temporary step while...

Windows 10 users should install the January 2026 security updates without delay: Microsoft’s first Patch Tuesday of the year fixed more than a hundred vulnerabilities — including an actively exploited zero‑day in the Desktop Window Manager — and federal agencies have already been ordered to...

Microsoft has confirmed that its January 2026 Patch Tuesday updates for Windows 11 introduced multiple regressions and has already shipped targeted fixes to address the most disruptive problems, but mixed reports and unacknowledged reports mean administrators and power users must act carefully...

A new, deceptively simple attack named “Reprompt” has exposed a critical weakness in Microsoft Copilot Personal: with a single click on a legitimate Copilot deep link an attacker could, under the right conditions, mount a multistage, stealthy data‑exfiltration chain that pulls names, locations...

Microsoft’s January 2026 Patch Tuesday brings a focused, security-first cumulative update to Windows 11 and Windows Server platforms: consumer and managed devices receive fixes rather than flashy features, while server editions are updated with distinct KB identifiers and targeted enterprise...

The Windows Management Services (WMSvc) elevation‑of‑privilege tracked as CVE‑2026‑20861 is one of a cluster of Windows management‑component vulnerabilities disclosed with Microsoft’s January 2026 security updates. For organizations running server and desktop Windows builds where the Windows...

Microsoft has assigned CVE-2026-20854 to a newly disclosed vulnerability in the Windows Local Security Authority Subsystem Service (LSASS) that Microsoft and several security vendors classify as a critical remote code execution risk; the flaw was included in the January 2026 Patch Tuesday...