Microsoft’s March 2026 Patch Tuesday Recap: 79+ Fixes, Two Zero‑Days, and Big Windows 11 Improvements

Why this Patch Tuesday matters

Microsoft’s March 2026 Patch Tuesday is now live, bringing fixes for around 79–84 vulnerabilities across Windows, Office, Azure, and more, including two publicly disclosed zero‑day flaws. For Windows 11 users, the headline is cumulative update KB5079473, which not only rolls in the security patches but also adds several quality‑of‑life features and File Explorer improvements. If you manage Windows fleets or just like to stay current on Patch Tuesday, this is a month you do not want to skip.

Patch Tuesday by the numbers

Microsoft and security researchers don’t all land on the exact same total, but the March 2026 Patch Tuesday payload clearly sits in the high‑70s to low‑80s range of CVEs. Windows‑focused coverage puts the patched flaws at 79, while broader counts including cloud and niche components go up to 83–84 CVEs. A breakdown from Windows and security sites shows at least 5 rated as Critical, with the rest marked Important.

Windows Latest cites Microsoft data showing 58 security flaws in the Windows 11 KB5079473 bucket alone, including actively exploited and publicly disclosed issues. The same breakdown lists 25 elevation of privilege bugs, 12 remote code execution flaws, 6 information disclosure issues, 7 spoofing vulnerabilities, and a handful of denial‑of‑service and security feature bypass problems.

The two zero‑days and Office preview‑pane risks

This month’s Patch Tuesday fixes two publicly disclosed zero‑day vulnerabilities, though Microsoft says it has not seen active exploitation in the wild at the time of release. One of these is CVE‑2026‑21262, an elevation of privilege vulnerability in SQL Server that could be used to gain higher‑level access on affected systems. The other publicly known zero‑day is a .NET denial‑of‑service issue, CVE‑2026‑26127, which could be used to degrade service availability in apps relying on vulnerable components.

Beyond the zero‑days, Office gets special attention this month. Microsoft has patched two remote code execution bugs, CVE‑2026‑26110 and CVE‑2026‑26113, that can be triggered via the Office preview pane—meaning a user might be at risk simply by selecting a malicious document to preview rather than fully opening it. There is also an information disclosure vulnerability in Excel, CVE‑2026‑26144, that researchers warn could allow data exfiltration through Microsoft Copilot, raising concerns for organizations that heavily rely on Excel for sensitive financial or operational data.

Windows 11 KB5079473: security plus new features

On Windows 11, KB5079473 is the March 2026 cumulative update for versions 24H2 and 25H2, and it’s mandatory because it carries the Patch Tuesday security bits. You can grab it via Settings > Windows Update > Check for updates, or pick up the .msu offline installer directly from the Microsoft Update Catalog if you manage multiple machines.

This update does more than just plug holes. There are nine new features, including Emoji 16.0 support, a built‑in network speed test, and a streamlined “Extract all” option directly on the File Explorer command bar for non‑ZIP archive types. File Explorer also sees reliability improvements when searching across multiple drives or “This PC,” plus better handling of devices on the Network page. On the display side, Microsoft says KB5079473 improves wake‑from‑sleep reliability and speeds up resume times, especially on systems under heavy load.

Secure Boot certificates and long‑term reliability

One of the more quietly important parts of this month’s update is how it prepares devices for upcoming Secure Boot certificate changes. Microsoft is pushing “high‑confidence device targeting data” designed to increase the number of PCs that automatically receive new Secure Boot certificates before older ones expire in June 2026. The aim is to avoid a situation where some systems suddenly fail Secure Boot checks because they didn’t get updated in time.

Alongside the main cumulative update, Microsoft is also updating the servicing stack, which is the component responsible for installing Windows updates and maintaining the OS. A more reliable servicing stack generally means fewer failed update attempts, smoother cumulative update installs, and less risk that a partially applied patch leaves a system in a weird state.

What this means for admins and power users

For IT admins, March 2026 is another Patch Tuesday where prioritization matters. The combination of SQL Server elevation of privilege, Office preview‑pane remote code execution, and the Excel Copilot data‑leak scenario is particularly relevant for enterprise environments. The safest approach is to fast‑track testing in a staging ring, then move to broad deployment once you’re confident line‑of‑business apps behave as expected.

Home and small‑business users should still treat this as a “don’t skip” month. Even if you don’t run SQL Server, the Windows core fixes and Office updates close off several realistic attack paths that could be abused in phishing campaigns and malicious document scenarios. If you’ve delayed updates recently, installing KB5079473 now also rolls up previous Patch Tuesday changes, so you get a bigger security boost in one shot.

Recent Posts You Might Like

• How to Use the New Windows 11 Taskbar Internet Speed Test Available Now in the March 2026 Update
• New Windows 11 KB5079473 & KB5078883 Cumulative Updates Land on March 2026 Patch Tuesday, Bringing 9 Practical and Actually Useful Upgrades
• Microsoft Announces Copilot Cowork: 4 Powerful Ways of Turning AI Chat into Getting Real Work Done
• Microsoft Reveals Powerful Microsoft 365 Copilot Wave 3 With New Agents, Agent 365, and E7 Frontier Suite