Zero Day Initiative | Blog
Follow
The March 2026 Security Update Review
The author is reviewing security patches released for March 2026 from Adobe and Microsoft. Adobe released eight bulletins addressing 80 CVEs across various applications, with Acrobat Reader being a priority for patching. Microsoft's release includes 84 new CVEs, with five reported through the TrendAI ZDI program. Several Microsoft vulnerabilities are detailed, including an Excel information disclosure bug related to the Copilot Agent. Office Remote Code Execution vulnerabilities, like previous months, continue to be present and need addressing. A Windows Print Spooler RCE vulnerability that works similarly to the "Print Nightmare" is also present, requiring quick patching. A Windows Graphics Component Elevation of Privilege vulnerability that was identified as variants needs to be addressed. The post concludes with a comprehensive list of the CVEs released by Microsoft for March 2026, including their severity and related details. The author emphasizes the importance of testing and deploying these security updates promptly.