Microsoft March 2026 Patch Tuesday Fixes 2 Public Zero-Days

Microsoft March 2026 Patch Tuesday Fixes 2 Public Zero-Days and Copilot-Linked Excel Risk | 2026

Executive Summary

Microsoft's March 2026 Patch Tuesday is not just another monthly rollup. The update fixes two publicly disclosed zero-day issues, two Microsoft Office remote code execution flaws that can be triggered through the preview pane, an Azure MCP Server weakness that may expose managed identity tokens, and an Excel issue Microsoft says could enable zero-click data exfiltration via Copilot Agent mode.

For defenders, the important story is the mix of enterprise realities in one patch cycle: public zero-days, productivity software exposure, cloud identity risk, and AI-assisted leakage paths. That combination turns routine patch management into a broader trust and exposure problem.

What happened in March 2026 Patch Tuesday?

Public reporting from BleepingComputer and The Hacker News says Microsoft addressed 79 to 84 vulnerabilities, depending on what products are counted in the total, with two issues already publicly known at the time of release.

The two publicly disclosed zero-days highlighted in reporting were:

CVE-2026-26127 — a .NET denial-of-service issue
CVE-2026-21262 — a SQL Server elevation-of-privilege issue that can grant SQLAdmin privileges

Those are not the only problems defenders should watch. Microsoft also fixed:

CVE-2026-26110 and CVE-2026-26113 — Microsoft Office remote code execution bugs that can be exploited via the preview pane
CVE-2026-26118 — an Azure Model Context Protocol Server issue that may leak a managed identity token through server-side request behavior
CVE-2026-26144 — an Excel information disclosure vulnerability that Microsoft says could lead to unintended network egress and Copilot-assisted zero-click disclosure

Why defenders should care

1. Public zero-days still create decision pressure

Even when Microsoft says the flaws are publicly disclosed rather than already exploited, defenders lose the luxury of a quiet remediation window. Once the details are public, attackers and researchers can both accelerate testing.

2. Preview-pane Office bugs are operationally dangerous

The Office flaws matter because users do not need to fully open a document to create exposure. For enterprise teams, preview behavior in email and collaboration workflows can turn a user habit into a meaningful risk multiplier.

3. Azure MCP Server changes the cloud identity conversation

According to Microsoft's description quoted in public reporting, CVE-2026-26118 could let an attacker feed a malicious URL into an MCP-backed agent and capture the managed identity token included in the outbound request. That is the kind of bug that bridges application logic, cloud trust, and token abuse.

4. Copilot-linked Excel disclosure is the quiet standout

The Excel issue is especially notable because Microsoft says a successful exploit could cause Copilot Agent mode to exfiltrate data in a zero-click scenario. In practical terms, this is not just an Office bug. It is a warning about how AI-connected workflows can amplify the impact of otherwise familiar web and document security weaknesses.

Technical focus areas

CVE-2026-21262 — SQL Server privilege escalation

The SQL Server issue appears to allow an authorized attacker to elevate privileges over the network and reach SQLAdmin-level access. That makes it high-priority wherever SQL Server supports sensitive applications, authentication paths, or business-critical reporting.

CVE-2026-26127 — .NET denial of service

Denial-of-service bugs are easy to downplay, but they still matter for exposed services and critical internal applications. Service interruption on authentication, line-of-business APIs, or customer workflows can quickly become an availability incident.

CVE-2026-26118 — Azure MCP token exposure path

This issue deserves attention from cloud and AI platform teams. If an MCP server can be tricked into sending a request to an attacker-controlled URL while attaching its managed identity token, the blast radius becomes whatever that identity can access.

CVE-2026-26144 — Excel disclosure with Copilot-assisted egress

Public reporting describes this as an information disclosure issue with cross-site scripting-style behavior in Excel. The real concern is not the label alone. It is the possibility of turning enterprise productivity tooling into an unexpected outbound channel for sensitive data.

Immediate actions to take

🔴 Patch Microsoft Office, Excel, .NET, and SQL Server quickly

Do not wait for the next broad maintenance window if affected systems are exposed or business-critical. Prioritize Office, Excel, SQL Server, and any environments using Azure MCP Server components.

🔴 Review managed identity scope in Azure environments

For teams experimenting with MCP-backed agents or AI tooling, verify what each managed identity can actually reach. Reduce permissions where possible and review any tools that accept user-supplied resource identifiers or URLs.

🔴 Treat Copilot-connected workflows as a security boundary

If your organization uses Copilot features around sensitive spreadsheets or internal data, review data handling assumptions now. AI workflow convenience can change egress paths in ways many teams have not fully modeled.

🟠 Tighten email and document handling controls

Because preview-pane exploitation is in scope for the Office RCE issues, strengthen attachment handling, detonation, and suspicious document review for high-risk users.

🟠 Prepare for post-patch hunting

Patch deployment should be followed by targeted validation. Look for unusual Office child processes, suspicious outbound calls from AI or automation components, SQL privilege anomalies, and signs of attempted token misuse.

Detection and response pointers

Security teams should look for:

unusual SQL Server privilege changes or unexpected SQLAdmin activity
suspicious Office preview-related execution chains
outbound requests from Azure MCP-related services to unexpected hosts
tokens used outside their normal service patterns
unusual Excel-driven network egress or activity tied to Copilot-enabled workflows
spikes in failed or degraded .NET application behavior after exploit attempts

Example Splunk hunt

spl
(index=o365 OR index=windows OR index=azure OR index=sql)
("EXCEL.EXE" OR "WINWORD.EXE" OR "sqlservr.exe" OR "managed identity" OR "copilot" OR "mcp")
("child_process" OR "preview" OR "token" OR "unexpected outbound" OR "SQLAdmin")
| stats count min(_time) as firstSeen max(_time) as lastSeen by host, user, process_name, parent_process_name, dest, command_line
| sort - lastSeen

Strategic takeaway

March 2026 Patch Tuesday shows how modern enterprise risk rarely sits in one silo. The same release cycle touches legacy server roles, user productivity software, cloud identity, and AI-assisted workflows.

That means defenders should stop reading Patch Tuesday only as a CVE count. The better question is which fixes alter trust boundaries across the estate. This month, Microsoft gave defenders several reasons to answer that question fast and run disciplined incident response if anything looks off.

Were the March 2026 Microsoft zero-days actively exploited?

Public reporting described them as publicly disclosed zero-days, not known to be exploited at release time. Even so, public disclosure shortens the safe patching window.

Why is the Excel issue getting extra attention?

Because Microsoft says CVE-2026-26144 could enable zero-click information disclosure via Copilot Agent mode, which raises the risk beyond a normal spreadsheet bug.

Why does CVE-2026-26118 matter so much?

Because managed identity tokens are high-value cloud credentials. If an attacker can trick an Azure MCP Server workflow into sending that token to an attacker-controlled endpoint, they may inherit whatever access that identity already has.

References

Published: 2026-03-17 Author: Invaders Cybersecurity Classification: Public / TLP:CLEAR Reading Time: 5 minutes

Microsoft March 2026 Patch Tuesday Fixes 2 Public Zero-Days and Copilot-Linked Excel Risk