MS-ISAC Issues Advisory on Critical Patches for Microsoft Products

The Multi-State Information Sharing and Analysis Center issued advisory 2026-021 on March 10, 2026. The advisory covers multiple vulnerabilities in Microsoft products. The most severe vulnerabilities could allow remote code execution. According to the advisory, successful exploitation could enable an attacker to gain the privileges of the logged-on user. Such an attacker could install programs, view, change, or delete data, or create new accounts with full user rights. Systems with users having fewer privileges would face reduced impact. The advisory reports no known exploitation of these vulnerabilities in the wild. It identifies a broad range of affected systems including .NET, Active Directory Domain Services, Azure services, Microsoft Office, SQL Server, and numerous Windows components. The advisory recommends immediate application of Microsoft updates to vulnerable systems following testing. It further calls for documented vulnerability management processes, automated patch management, and regular vulnerability scanning on enterprise assets.