Microsoft March 2026 Patch Tuesday fixes 2 zero-days, Windows 11 KB5079473 rolls out

Microsoft’s March 10, 2026, Patch Tuesday includes fixes for 79 vulnerabilities, including two publicly disclosed zero-days and three Critical flaws. According to BleepingComputer’s roundup of Microsoft’s release, the two disclosed zero-days are CVE-2026-21262 in SQL Server and CVE-2026-26127 in .NET, while this month’s release also addresses two Microsoft Office remote-code-execution bugs that can be triggered through the preview pane.

Windows 11 and Windows 10 builds shipping with the March Patch Tuesday

On the Windows side, Microsoft has published KB5079473 for Windows 11 version 25H2 and 24H2, taking those branches to OS Builds 26200.8037 and 26100.8037. Windows 11 version 23H2 receives KB5078883 and moves to OS Build 22631.6783. Windows 10 version 22H2 and 21H2 receive KB5078885, which raises those branches to OS Builds 19045.7058 and 19044.7058.

Microsoft says KB5079473 for Windows 11 25H2 and 24H2 includes the latest security fixes plus the non-security changes from last month’s preview release. The support notes list broader Secure Boot certificate targeting, improved File Explorer search reliability across multiple drives or “This PC,” better Windows Defender Application Control handling for COM allowlisting policies, and a more explicit trust warning in Windows System Image Manager. Microsoft also says it is not currently aware of any issues with this update.

For Windows 11 23H2, Microsoft says KB5078883 addresses security issues and pulls in February’s quality fixes. Those include broader targeting for the new Secure Boot certificates, two new PowerShell options tied to the Secure Boot rollout, improved File History reliability for some character sets, better GPU stability for shutdowns and intensive graphics workloads, and the same trusted-catalog warning dialog in Windows System Image Manager. Microsoft’s support page also says it is not currently aware of any issues with KB5078883.

Windows 10 KB5078885 similarly bundles March’s security fixes with a small set of quality improvements. Microsoft highlights a trusted-source warning for catalog file selection in Windows System Image Manager, File History backup fixes for some Chinese and Private Use Area character names, improved GPU stability, and wider targeting for devices eligible to receive the new Secure Boot certificates automatically. Microsoft says it is not currently aware of any known issues with this update either.

Security and transparency

The bigger hook here remains the vulnerability slate rather than the feature changes. In addition to the two publicly disclosed zero-days, BleepingComputer reports that Microsoft also fixed two Office flaws that can be exploited via the preview pane, as well as an Excel information-disclosure issue that Microsoft says could potentially be abused to exfiltrate data through Copilot Agent mode. That makes this month’s Patch Tuesday more notable than a routine cumulative update drop, even if Microsoft’s Windows release notes themselves are fairly light on user-facing changes.

For Windows 10 users, this release lands after Microsoft ended mainstream Windows 10 support on October 14, 2025. Microsoft says PCs can still keep running, but standard technical support, feature updates, and security updates are no longer provided outside the available Extended Security Updates path, which is why March’s Windows 10 security package will matter most to systems still being maintained under that post-EOS route.