March Patch Tuesday: Three high severity holes in Microsoft Office

aadsshlogin package. Systems with the extension already installed have packages.microsoft.com configured automatically, so no additional setup is required.

“The cloud ecosystem doesn’t really handle patching well,” Reguly said. “It’s a relatively immature process, and the way that Microsoft handles these products really demonstrates that. The CVE impacting Azure Linux Virtual Machines (CVE-2026-23665) or the multiple CVEs impacting Azure IoT Explorer require pretty non-standard patching mechanisms, and those may require a little additional effort from IT teams. CSOs should ensure that they have solid asset inventories around the deployment of cloud related systems and tools, so that admins know where these things exist and when they need to be fixed. This is the best way to empower your sysadmins and security teams on a quiet month like this,” Reguly said.

Chris Goettl, VP of product management at Ivanti, noted that an elevation of privilege vulnerability in SQL Server (CVE-2026-21262), with a CVSS score of 8.8, is on the list; however, it has already been publicly disclosed. An attacker who successfully exploited this vulnerability could gain SQL sysadmin privileges. The vulnerability affects SQL Server 2016 and later editions.

Satnam Narang, senior staff research engineer at Tenable, commented on the fix for Azure Model Context Protocol (MCP) tools. “This bug is a server-side request forgery,” he said in an email, “so an attacker could exploit it by sending a request to a vulnerable Azure MCP Server. But exploitation requires that the server accept user-provided parameters.”

“MCP servers have become extremely popular for connecting large language models and agentic AI applications,” he noted, “and with the rise of tools like OpenClaw and other agents, it has become even more critical to secure these tools from cybercriminals.”

Good news for admins: Nick Carroll, cyber incident response manager at Nightwing, spotted what he said is “some incredibly good news. For years, defenders and SOC analysts have relied on Microsoft’s System Monitor (Sysmon) to gain high-fidelity telemetry into process creation, network connections, and file modifications. But because it lived in the external Sysinternals suite, deploying it required manual downloads, custom scripts, and constant maintenance.

As of the Windows 11 March feature update (KB5079473), Sysmon is natively integrated directly into Windows 11 as an optional built-in feature. Admins no longer need to package it dynamically. It can be simply enabled programmatically via PowerShell.

“Coupled with Microsoft’s simultaneous announcement that Windows Intune will enable hotpatching by default in May 2026, this drastically lowers the barrier to entry for deep endpoint visibility and represents a massive operational win for network defenders,” he said.

SAP, Google, and other high severity bugs: Separately, SAP issued fixes for two critical vulnerabilities, one of which carries a CVSS score of 9.8. That’s SAP Security Note #3698553, which patches a code injection vulnerability in SAP Quotation Management Insurance application (FS-QUO). According to researchers at Onapsis, the application uses an outdated artifact of Apache Log4j 1.2.17 that is vulnerable to CVE-2019-17571. It allows an unprivileged attacker to execute arbitrary code remotely on the server, causing high impact on confidentiality, integrity, and availability of the application.

The other SAP Security Note, #3714585, tagged with a CVSS score of 9.1, patches an insecure deserialization vulnerability in SAP NetWeaver Enterprise Portal Administration. Due to missing or insufficient validation during the deserialization of uploaded content, a privileged user is able to upload untrusted or malicious content. Only the fact that an attacker requires high privileges for a successful exploit prevents the vulnerability from being tagged with a CVSS score of 10.

Other vendors also addressed some high severity issues. Apple released security updates for memory corruption in the Dynamic Link Editor used in iPadOS, macOS, tvOS, watchOS and visionOS. Google released security updates for Chrome and the Chromium browser that patch several high severity issues. Ivanti flagged two serious bugs in its Endpoint Manager that could let attackers steal credentials or read sensitive data. WordPress issued a security update to close a vulnerability that exposes a critical weakness in the WPvivid Backup and Migration plugin. It carries a CVSS score of 9.8.

First seen on csoonline.com

Jump to article: www.csoonline.com/article/4143232/march-patch-tuesday-three-high-severity-holes-in-microsoft-office.html
