Microsoft Patches 84 Flaws, Two Zero-Days

Microsoft released a significant security update on Tuesday, addressing a total of 84 newly discovered vulnerabilities across its software ecosystem. The patches target eight critical and 76 important flaws, including two that were already publicly known before the fix.

According to the official release notes, the most severe issue was a critical remote code execution flaw tracked as CVE-2026-21536. However, the company confirmed this vulnerability, found by AI platform XBOW, has been fully mitigated.

The two publicly disclosed zero-days are CVE-2026-26127, a denial-of-service bug in .NET, and CVE-2026-21262, a privilege escalation flaw in SQL Server. Consequently, security teams are urged to prioritize these updates.

Satnam Narang, senior staff research engineer at Tenable, noted that “over half (55%) of all Patch Tuesday CVEs were privilege escalation bugs.” These types of vulnerabilities are frequently exploited by threat actors after他们已经 gain initial access to a system.

Another notable flaw is CVE-2026-26118, a server-side request forgery in the Azure Model Context Protocol server. Microsoft warned that exploitation could allow an attacker to capture a managed identity token and access authorized resources.

Meanwhile, the company announced a procedural shift for Windows Autopatch. In a blog post, Microsoft stated it is enabling hotpatch updates by default to secure devices faster without requiring a restart.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

• Shiba Inu Down 93.5%: Can It Reclaim $0.00008 by 2026?
• Nio Links CEO’s $1.17B Award to Ambitious Milestones
• Tokenized RWAs surge 66% in 2026 to $23.6B
• NASA Satellite’s Early Reentry Exposes Wall Street Risk
• Lawmakers introduce DEATH BETS Act to ban war, death betting