CRITICALVulnerability
Verified
Global

Microsoft Patches 97 Vulnerabilities Including Three Actively Exploited Zero-Days

Thursday, March 12, 2026 at 05:00 PM UTC·Source: Microsoft MSRC

Updated: Friday, March 13, 2026 at 10:00 AM UTC

Executive Summary

March 2026 Patch Tuesday addresses 97 CVEs with three actively exploited zero-days in Windows kernel, NTLM, and Hyper-V.

Analysis

Microsoft March 2026 Patch Tuesday addresses 97 vulnerabilities across Windows, Office, Azure, and Exchange. Three zero-days are under active exploitation: CVE-2026-21399 (Windows kernel EoP), CVE-2026-21400 (NTLM hash leak), CVE-2026-21401 (Hyper-V guest escape). CISA added all three to KEV catalog with 21-day remediation deadline.

Timeline

Discovered
Mar 1, 2026
Exploitation Detected
Mar 1, 2026
Published
Mar 12, 2026
Patch Available
Mar 12, 2026

Indicators of Compromise (3)

CVE (3)
CVE-2026-21399
NVDMITRE CVE
CVE-2026-21400
NVDMITRE CVE
CVE-2026-21401
NVDMITRE CVE
Source Attribution

Originally published by Microsoft MSRC on Mar 12, 2026. Verified by: Microsoft, CISA.

Related Threats

MEDIUMVulnerability

Geopolitics, AI, and Cybersecurity: Insights From RSAC 2026

AI-driven threats, global leadership shifts, and the future of cybersecurity in a rapidly evolving landscape were among the discussions at RSAC 2026 Conference.

Dark Reading
MEDIUMVulnerability

House Dems decry confirmed ICE usage of Paragon spyware

The trio of Democrats weren’t satisfied with Immigration and Customs Enforcement answers, and criticized the spyware’s use. The post House Dems decry confirmed ICE usage of Paragon spyware appeared first on CyberScoop .

CyberScoop
MEDIUMVulnerability

Not Toying Around: Hasbro Attack May Take 'Weeks' to Remediate

The company's 8-K filing notes "unauthorized access" and that it's activated business continuity plans and taken some systems offline.

Dark Reading