March 2026 Patch Tuesday fixes two zero-day vulnerabilities

Key Points:

• Two critical zero-day vulnerabilities (CVE-2026-21262 and CVE-2026-26127) in Microsoft products have been patched, with potential for privilege escalation and denial of service.
• CVE-2026-21262 allows a logged-in user to escalate privileges in SQL Server, potentially granting full administrative access. CVE-2026-26127 can cause .NET applications to crash, leading to service outages.
• Immediate installation of the March 2026 Patch Tuesday updates is recommended to mitigate these vulnerabilities.

Technical Details: CVE-2026-21262 has a CVSS score of 8.8 and allows exploitation over the network through crafted SQL requests. CVE-2026-26127 has a CVSS score of 7.5 and affects .NET versions 9.0 and 10.0 across multiple operating systems.

MITRE ATT&CK Techniques: None mentioned

IOCs Mentioned: None mentioned