Security news aggregator

Latest coverage for Patch Tuesday

Patch Tuesday tracks Microsoft's regular security updates, helping readers understand vulnerabilities, fixes, and risks affecting software users.

10 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Patch Tuesday is the second Tuesday of each month, when Microsoft publishes a scheduled set of security and quality updates for supported products. The term is also used broadly for the recurring monthly patch cycle that organizations use to review, test, and deploy vendor fixes. Releases may address vulnerabilities in operating systems, applications, browsers, and infrastructure components, with severity and affected versions varying by update.

For security teams, the release is a trigger for vulnerability-management work: identify exposed and supported assets, assess whether a flaw is being exploited or affects a critical system, and prioritize deployment accordingly. Testing and staged rollout can reduce compatibility and availability problems, while leaving internet-facing or unpatched systems exposed can increase the chance of compromise. Teams should also account for patches that require reboots, configuration changes, or dependent updates, and track exceptions with compensating controls. Critical fixes may warrant accelerated or emergency deployment rather than waiting for the normal maintenance window.

Showing 10 most recent headlines Filtered view
Krebs on Security 4 months, 1 week ago

Microsoft Patch Tuesday, March 2026 Edition

Microsoft Corp. today pushed security updates to fix at least 77 vulnerabilities in its Windows operating systems and other software. There are no pressing "zero-day" flaws this month (compared to February's five zero-day treat), but as usual some patches may deserve more rapid attention from organizations using Windows. Here are a few highlights from this month's Patch Tuesday.

Could steal sensitive personal and financial data After a whopper of a Patch Tuesday last month, with six Microsoft flaws exploited as zero-days, March didn't exactly roar in like a lion. Just two of the 83 Microsoft CVEs released on Tuesday are listed as publicly known, and none is under active exploitation, which we're sure is a welcome change to sysadmins.…

March 2026 Patch Tuesday delivers 86 CVEs including 10 Critical and 2 publicly disclosed zero-days. A SQL Server privilege escalation grants sysadmin over the network, and a Microsoft Authenticator info disclosure threatens MFA integrity. Here is what to patch first.