Microsoft security patch release for CVE-2026-21262
Security Patch Release
Summary
Hide ▲
Show ▼
Microsoft's March 2026 Patch Tuesday delivers fixes for 79 flaws, including 2 publicly disclosed zero-days and several Critical issues across SQL Server, .NET, and Microsoft Office. The release includes 2 Office remote code execution bugs that can be triggered via the preview pane, plus an Excel information disclosure flaw that could let an attacker exfiltrate data through Microsoft Copilot. The two zero-days are CVE-2026-21262 in SQL Server and CVE-2026-26127 in .NET. Administrators should prioritize deployment because the bundle covers both privilege escalation and code execution risk.
Related Happenings
Microsoft security patch release for CVE-2026-45659
Security Patch Release
First: 26.05.2026 14:49
Last: 26.05.2026 14:49
Sources 1
About this happening:
Microsoft released **SharePoint** updates for **CVE-2026-45659**, a **remote code execution** flaw that could let an authenticated attacker run code over the network without eleva...
Microsoft security patch release for CVE-2026-45659
Security Patch ReleaseAbout this happening: Microsoft released **SharePoint** updates for **CVE-2026-45659**, a **remote code execution** flaw that could let an authenticated attacker run code over the network without eleva...
Windows BitLocker YellowKey mitigation guidance (CVE-2026-45585)
Advisory/Mitigation
First: 20.05.2026 10:31
Last: 20.05.2026 10:31
Sources 1
About this happening:
Microsoft issued **mitigation guidance** for **YellowKey**, a **Windows BitLocker zero-day** that can expose **BitLocker-protected drives** before the security update is available...
Windows BitLocker YellowKey mitigation guidance (CVE-2026-45585)
Advisory/MitigationAbout this happening: Microsoft issued **mitigation guidance** for **YellowKey**, a **Windows BitLocker zero-day** that can expose **BitLocker-protected drives** before the security update is available...
Microsoft Exchange CVE-2026-42897 mitigation advisory
Advisory/Mitigation
First: 15.05.2026 12:40
Last: 15.05.2026 12:40
Sources 1
About this happening:
**Microsoft** issued immediate mitigation guidance for **CVE-2026-42897**, reducing risk for **Exchange Server 2016, 2019, and Subscription Edition (SE)** on-premises servers that...
Microsoft Exchange CVE-2026-42897 mitigation advisory
Advisory/MitigationAbout this happening: **Microsoft** issued immediate mitigation guidance for **CVE-2026-42897**, reducing risk for **Exchange Server 2016, 2019, and Subscription Edition (SE)** on-premises servers that...
Latest development: 15.05.2026 15:35
Microsoft issued temporary mitigation guidance for CVE-2026-42897 while a patch is still in development, recommending the Exchange Emergency Mitigation (EM) Service, which is enabled by default and can be checked with the Exchange Health Checker script, or the Exchange On-premises Mitigation Tool (EOMT) for disconnected or air-gapped environments. Microsoft noted that the mitigations can disrupt features such as OWA Print Calendar and Inline images, and that servers older than March 2023 cannot receive new mitigations through EM Service.
Microsoft MDASH enters limited private preview for AI-driven vulnerability discovery at scale
Security Tool/Service
First: 13.05.2026 16:46
Last: 13.05.2026 16:46
Sources 1
About this happening:
Microsoft's **MDASH** has entered **limited private preview**, adding a new **AI-driven vulnerability discovery** service that can validate and prove exploitable defects at scale....
Microsoft MDASH enters limited private preview for AI-driven vulnerability discovery at scale
Security Tool/ServiceAbout this happening: Microsoft's **MDASH** has entered **limited private preview**, adding a new **AI-driven vulnerability discovery** service that can validate and prove exploitable defects at scale....
Microsoft May 2026 Patch Tuesday release
Security Patch Release
First: 13.05.2026 13:36
Last: 13.05.2026 13:36
Sources 1
About this happening:
Microsoft's **May 13, 2026 Patch Tuesday** release fixed **138 vulnerabilities** across its product portfolio, including **Windows**, **Azure**, and **Edge**. None of the flaws we...
Microsoft May 2026 Patch Tuesday release
Security Patch ReleaseAbout this happening: Microsoft's **May 13, 2026 Patch Tuesday** release fixed **138 vulnerabilities** across its product portfolio, including **Windows**, **Azure**, and **Edge**. None of the flaws we...
Timeline
-
10.03.2026 19:49 2 articles · 2mo ago
Microsoft March 2026 Patch Tuesday release
Initial DisclosureMicrosoft released March 2026 Patch Tuesday security updates for 79 flaws, including two publicly disclosed zero-days: CVE-2026-21262 in SQL Server, which can grant SQLAdmin privileges, and CVE-2026-26127 in .NET, which can be used for denial of service. The bundle also fixed two Microsoft Office remote code execution bugs, CVE-2026-26110 and CVE-2026-26113, exploitable through the preview pane, and an Excel information disclosure flaw, CVE-2026-26144, that could enable data exfiltration via Microsoft Copilot.
Show sources
- Microsoft March 2026 Patch Tuesday fixes 2 zero-days, 79 flaws — www.bleepingcomputer.com — 10.03.2026 19:49
- Microsoft Fixes Two Publicly Disclosed Zero-Days — www.infosecurity-magazine.com — 11.03.2026 11:20