March 2026 Patch Tuesday: Eight Critical Vulnerabilities and Two Publicly Disclosed Among 82 CVEs Patched

Microsoft's March 2026 Patch Tuesday addressed 82 security vulnerabilities, including eight classified as Critical and two that were publicly disclosed. Notable among these is a critical remote code execution vulnerability, CVE-2026-21536, in the Microsoft Devices Pricing Program, which allows unauthenticated remote attackers to execute arbitrary code through an unrestricted file upload weakness. Microsoft has remediated this vulnerability within its cloud infrastructure, requiring no action from users. Other critical vulnerabilities include issues in Microsoft Office and Excel, with the potential for remote code execution and information disclosure. Additionally, the update highlights vulnerabilities in Microsoft ACI Confidential Containers, with potential for privilege elevation and information disclosure, all of which Microsoft has addressed without requiring user intervention. The update underscores the importance of regular patching and mitigation strategies, especially for vulnerabilities that cannot be easily patched.