Microsoft Patch Tuesday: March 2026

On March 10, 2026, Microsoft released its March 2026 security update addressing 83 newly disclosed vulnerabilities. Arctic Wolf has highlighted three vulnerabilities affecting Microsoft Office in this security bulletin, which Microsoft has rated as critical.

On March 10, 2026, Microsoft released its March 2026 security update addressing 83 newly disclosed vulnerabilities. Arctic Wolf has highlighted three vulnerabilities affecting Microsoft Office in this security bulletin, which Microsoft has rated as critical. At the time of writing, none of the vulnerabilities in this update have been reported as exploited in the wild.

Vulnerabilities

Vulnerability	CVSS	Description
	8.4	Microsoft Office Remote Code Execution Vulnerability – A type confusion vulnerability that allows a remote threat actor to execute code. Although the threat actor is remote, the exploitation and code execution occur on the victim��s local system. The preview pane is an attack vector.
	8.4	Microsoft Office Remote Code Execution Vulnerability – An untrusted pointer dereference vulnerability that allows a remote threat actor to execute code. Although the threat actor is remote, the exploitation and code execution occur on the victim��s local system. The preview pane is an attack vector.
	7.5	Microsoft Excel Information Disclosure Vulnerability – A cross-site scripting (XSS) vulnerability in Microsoft Excel allows remote threat actors to disclose information. Exploitation can cause the Copilot agent mode to exfiltrate data through unintended network egress, enabling a zero-click information disclosure attack.

Recommendation

Upgrade to Latest Fixed Versions

Arctic Wolf strongly recommends that customers upgrade to the latest fixed versions.

Affected Product	Vulnerability	Update Article
Microsoft SharePoint Server Subscription Edition	CVE-2026-26113
Microsoft SharePoint Server 2019	CVE-2026-26113	,
Microsoft SharePoint Enterprise Server 2016	CVE-2026-26113	,
Microsoft Office LTSC for Mac 2021, and 2024	CVE-2026-26110, CVE-2026-26113
Microsoft Office LTSC 2024 for 32-bit, and 64-bit editions	CVE-2026-26110, CVE-2026-26113
Microsoft Office LTSC 2021 for 64-bit editions	CVE-2026-26110, CVE-2026-26113
Microsoft Office LTSC 2021 for 32-bit editions	CVE-2026-26110
Microsoft Office for Android	CVE-2026-26110
Microsoft Office 2019 for 32-bit, and 64-bit editions	CVE-2026-26110, CVE-2026-26113
Microsoft Office 2016 for 32-bit, and 64-bit editions	CVE-2026-26110, CVE-2026-26113
Microsoft 365 Apps for Enterprise for 32-bit, and 64-bit Systems	CVE-2026-26110, CVE-2026-26113, CVE-2026-26144

Please follow your organization’s patching and testing guidelines to minimize potential operational impact.

? 2026 ��. All Rights Reserved.
Privacy Notice	Terms of Use	Cookie Policy	Accessibility Statement	Information Security	Sustainability Statement	Cookies Settings

������

Agentic SOC

Journey

Reduce Attack Frequency

Reduce Attack Severity

Transfer Risk

Get Started

Why Arctic Wolf

Expertise by Topic

Incident Response Timelines

Expertise by Industry

Resource Center

Trending Resources

The Arctic Wolf Threat Report draws upon the first-hand experience of our security experts, augmented by research from our threat intelligence team.

The Arctic Wolf State of Cybersecurity: 2025 Trends Report serves as an opportunity for decision makers to share their experiences over the past 12 months and their perspectives on some of the most important issues shaping the IT and security landscape.

Join Arctic Wolf on an interactive journey to discover a better path past the hazards of the modern threat landscape.

Security Bulletins

Microsoft Patch Tuesday: April 2026?

CVE-2026-35616: Fortinet Releases Hotfix for Critical Exploited Vulnerability in FortiClient EMS

CVE-2026-2699 & CVE-2026-2701: Progress ShareFile Storage Zones Controller Pre-Auth RCE Chain

Partners

Company

Careers

Press

Brand Partnerships