Overview
- The monthly release closes dozens of vulnerabilities spanning core Windows components, Microsoft Office, Azure services and Edge.
- Two publicly disclosed flaws were addressed — a SQL Server elevation‑of‑privilege bug (CVE‑2026‑21262) and a .NET denial‑of‑service issue (CVE‑2026‑26127) — with no evidence of in‑the‑wild exploitation reported.
- Microsoft patched Office remote code execution bugs (CVE‑2026‑26110 and CVE‑2026‑26113) that can trigger via the preview pane, and an Excel information‑disclosure issue (CVE‑2026‑26144) that warrants prompt updating.
- Several cloud and service vulnerabilities were already mitigated by Microsoft, including the Devices Pricing Program RCE (CVE‑2026‑21536), Payment Orchestrator elevation of privilege (CVE‑2026‑26125), and ACI Confidential Containers issues, requiring little or no customer action.
- Security teams are advised to prioritize Office and Excel updates and review Azure‑specific fixes that may require non‑standard patching, with Microsoft crediting XBOW for discovery of the Devices Pricing Program flaw.