patch tuesday

Microsoft has quietly changed how the official Windows 11 Media Creation Tool (MCT) builds installation media: instead of packaging an older baseline image and forcing freshly installed systems through many months of large cumulative downloads, the tool’s backend now pulls a more recent Patch...

Microsoft’s March Patch Tuesday landed with a heavy hit for database administrators: a high‑severity elevation‑of‑privilege bug in Microsoft SQL Server (CVE‑2026‑21262) that Microsoft patched across supported releases from SQL Server 2016 Service Pack 3 through SQL Server 2025, alongside fixes...

Windows 11’s March cumulative update (KB5079473), released on March 10, 2026, is one of the more consequential Patch Tuesday drops in recent memory — not because it dramatically reshapes the OS, but because Microsoft folded a string of measurable quality-of-life improvements and enterprise-grade...

Microsoft’s March Patch Tuesday landed this week with another heavy set of fixes — security teams should stop what they’re doing, check their inventory, install updates and restart affected machines as soon as practical. The rollout patches dozens of vulnerabilities across Windows, Office, SQL...

Microsoft pushed a heavy Patch Tuesday to Windows and Office environments on March 10, 2026 — and if you haven’t checked your PCs and servers yet, now is the time to do it. The March 10, 2026 security rollup addresses a large cluster of vulnerabilities across Windows, Office, .NET and SQL...

Microsoft’s March 10, 2026 cumulative update for Windows 11 (KB5078883, OS Build 22631.6783) is deceptively simple in its changelog but consequential in practice: alongside routine security hardening and reliability fixes, Microsoft has accelerated and expanded a coordinated rollout that...

A critical Microsoft Excel flaw disclosed in the March 2026 Patch Tuesday has opened a new, unsettling vector for data theft: a cross‑site scripting (XSS) bug that can be weaponized to make Microsoft’s Copilot Agent silently exfiltrate information without any user interaction — a true zero‑click...

Microsoft’s March 2026 Patch Tuesday for Windows 11 is more than a routine security roll‑in — KB5079473 (Builds 26200.8037 and 26100.8037) bundles practical quality-of-life features, enterprise-facing telemetry and certificate work, and several reliability fixes that together signal Microsoft’s...

Microsoft’s March Patch Tuesday has landed a consequential, double-edged update for Windows 11: a cumulative rollup that folds highly useful security tools into the operating system while Microsoft’s preemptive Secure Boot certificate refresh and the usual monthly fixes have triggered a stream...

Microsoft’s March 10, 2026 security release patched a high‑impact vulnerability in Microsoft Excel tracked as CVE‑2026‑26108 — a heap‑based buffer‑overflow that can allow an attacker to execute code in the context of the current user when a crafted Excel file is opened. The patch is part of a...

Microsoft has recorded CVE-2026-26132 as a Windows Kernel use‑after‑free vulnerability that can be triggered by an authorized local user to gain elevated privileges, and administrators should treat it as a high‑priority remediation item in this month’s Patch Tuesday release. (msrc.microsoft.com)...

Microsoft's March 10, 2026 security update closes a high‑severity heap‑based buffer‑overflow in the Windows Telephony Service that Microsoft has catalogued as CVE‑2026‑25188 and which could allow an adjacent‑network attacker to elevate privileges on vulnerable systems. (msrc.microsoft.com)...

Microsoft has released fixes for a newly catalogued information-disclosure flaw in the Windows Accessibility Infrastructure — tracked as CVE-2026-25186 — that affects the ATBroker.exe helper process. The vulnerability allows a local, authenticated attacker to disclose sensitive information from...

Microsoft’s March 2026 security update closes a denial‑of‑service weakness in the Windows Graphics Component tracked as CVE‑2026‑25168, a local null‑pointer dereference that can crash graphics‑handling processes and render affected systems unavailable until a reboot or service restart. The...

Microsoft’s security trackers and independent feeds today record CVE-2026-25165 as an elevation-of-privilege vulnerability in the Windows Performance Counters subsystem — a null-pointer dereference that, when triggered by an authenticated local user, can be weaponized to escalate to system-level...

Microsoft’s March 10, 2026 Patch Tuesday closed a race‑condition hole in the Windows Device Association Service that could allow a local, authorized user to escalate privileges to a more powerful account on affected machines, forcing administrators to prioritize testing and deployment of the...

Microsoft has published a vendor-acknowledged security update fixing CVE-2026-24294, an elevation-of-privilege (EoP) defect in the Windows SMB Server component that Microsoft classifies as Important and maps into the March 10, 2026 Patch Tuesday rollup; administrators should treat this as a...

Microsoft pushed emergency fixes on March 10, 2026 to address CVE-2026-24293, a high-impact elevation-of-privilege vulnerability in the Windows Ancillary Function Driver for WinSock (AFD.sys) that can allow a locally authenticated low-privileged user to gain SYSTEM-level rights. The bug is...

Microsoft’s March Patch Tuesday added another Windows kernel elevation-of-privilege entry to the list: CVE-2026-24289, an Important-rated Windows Kernel vulnerability that Microsoft patched as part of the March 10, 2026 security updates. This is one of dozens of elevation-of-privilege (EoP)...

Microsoft shipped an urgent fix on Patch Tuesday for a newly catalogued elevation-of-privilege flaw in the Windows Universal Disk Format File System Driver (UDFS), tracked as CVE-2026-23672, closing a local attack path that could let low‑privilege users escalate to SYSTEM on affected machines...