patch tuesday

Microsoft’s March Patch Tuesday has landed a consequential, double-edged update for Windows 11: a cumulative rollup that folds highly useful security tools into the operating system while Microsoft’s preemptive Secure Boot certificate refresh and the usual monthly fixes have triggered a stream...

Microsoft’s March 10, 2026 security release patched a high‑impact vulnerability in Microsoft Excel tracked as CVE‑2026‑26108 — a heap‑based buffer‑overflow that can allow an attacker to execute code in the context of the current user when a crafted Excel file is opened. The patch is part of a...

Microsoft has recorded CVE-2026-26132 as a Windows Kernel use‑after‑free vulnerability that can be triggered by an authorized local user to gain elevated privileges, and administrators should treat it as a high‑priority remediation item in this month’s Patch Tuesday release. (msrc.microsoft.com)...

Microsoft's March 10, 2026 security update closes a high‑severity heap‑based buffer‑overflow in the Windows Telephony Service that Microsoft has catalogued as CVE‑2026‑25188 and which could allow an adjacent‑network attacker to elevate privileges on vulnerable systems. (msrc.microsoft.com)...

Microsoft has released fixes for a newly catalogued information-disclosure flaw in the Windows Accessibility Infrastructure — tracked as CVE-2026-25186 — that affects the ATBroker.exe helper process. The vulnerability allows a local, authenticated attacker to disclose sensitive information from...

Microsoft’s March 2026 security update closes a denial‑of‑service weakness in the Windows Graphics Component tracked as CVE‑2026‑25168, a local null‑pointer dereference that can crash graphics‑handling processes and render affected systems unavailable until a reboot or service restart. The...

Microsoft’s security trackers and independent feeds today record CVE-2026-25165 as an elevation-of-privilege vulnerability in the Windows Performance Counters subsystem — a null-pointer dereference that, when triggered by an authenticated local user, can be weaponized to escalate to system-level...

Microsoft’s March 10, 2026 Patch Tuesday closed a race‑condition hole in the Windows Device Association Service that could allow a local, authorized user to escalate privileges to a more powerful account on affected machines, forcing administrators to prioritize testing and deployment of the...

Microsoft has published a vendor-acknowledged security update fixing CVE-2026-24294, an elevation-of-privilege (EoP) defect in the Windows SMB Server component that Microsoft classifies as Important and maps into the March 10, 2026 Patch Tuesday rollup; administrators should treat this as a...

Microsoft pushed emergency fixes on March 10, 2026 to address CVE-2026-24293, a high-impact elevation-of-privilege vulnerability in the Windows Ancillary Function Driver for WinSock (AFD.sys) that can allow a locally authenticated low-privileged user to gain SYSTEM-level rights. The bug is...

Microsoft’s March Patch Tuesday added another Windows kernel elevation-of-privilege entry to the list: CVE-2026-24289, an Important-rated Windows Kernel vulnerability that Microsoft patched as part of the March 10, 2026 security updates. This is one of dozens of elevation-of-privilege (EoP)...

Microsoft shipped an urgent fix on Patch Tuesday for a newly catalogued elevation-of-privilege flaw in the Windows Universal Disk Format File System Driver (UDFS), tracked as CVE-2026-23672, closing a local attack path that could let low‑privilege users escalate to SYSTEM on affected machines...

Microsoft’s March 2026 Patch Tuesday brings a sizeable cumulative update for Windows 11 that folds a handful of user-facing conveniences and several enterprise-grade capabilities into the monthly security rollup — and, importantly, it introduces Sysmon as an optional, in‑box feature for the...

Microsoft’s Exchange engineering team has told administrators there are no security updates for on‑premises Exchange Server this month — an explicit, scheduled announcement that matters because a subset of customers remain on the vendor’s short, paid Extended Security Update (ESU) runway that...

Microsoft’s February security update closed a dangerous loophole in the modern Windows Notepad app that let a crafted Markdown (.md) document turn into a remote code execution (RCE) trap when a user clicked a malicious link—an issue tracked as CVE‑2026‑20841 and fixed as part of Patch Tuesday...

Microsoft's February cumulative, KB5077181, is Microsoft's formal response to a class of boot failures that first surfaced after the January 13, 2026 security rollup (KB5074109), but the fix's arrival has exposed a complex truth: the problem was real, Microsoft has declared it resolved for...

Microsoft’s Windows story this week is less about headline-grabbing new features and more about course corrections, security hardening, and the quiet work required to keep a decades‑old platform usable for millions of workflows — from vertical monitor power users to enterprise administrators...

Microsoft’s February 10, 2026 cumulative updates for Windows 11 quietly carried more than routine security fixes — they continued a staged rollout that will refresh the operating system’s Secure Boot certificate chain ahead of a looming expiry window that begins in June 2026. What looks like a...

If you’re running Windows 11, update now — Microsoft has closed a high‑severity remote code execution flaw in the modern Notepad app that could let a single click in a Markdown file turn into code execution under your user account. Background: Notepad’s unexpected attack surface Notepad has been...

Microsoft issued an urgent fix this week for a high‑severity vulnerability in the modern Windows Notepad app that could allow an attacker to execute arbitrary commands on a target PC simply by getting a user to open a specially crafted Markdown (.md) file and click a link inside it. The flaw...