Article

Alert: Microsoft Security Updates - March 2026

Microsoft released security updates in the March 2026 Patch Tuesday addressing 84 vulnerabilities, including two publicly disclosed zero-day flaws CVE-2026-26127 and CVE-2026-21262, which could allow attackers to disrupt services or gain elevated system privileges if exploited.

These updates apply to, but are not limited to:

Windows OS: 11.
Microsoft SQL Server 2022, 2025
Microsoft Office 2021, 2024
Microsoft Edge

Security Risks

Identified vulnerabilities could allow threat actors to execute malicious code, escalate privileges, access sensitive data, or disrupt system operations, potentially leading to the compromise of affected systems.

For the full list of security patches released by Microsoft, please refer to the Microsoft Security Update Guide and apply the necessary updates.

Recommended Actions

The National Cyber Security Authority (NCSA) recommends users and administrators:

1. Apply the latest security patches as soon as possible to prevent unauthorized control over unpatched systems.

2. Upgrade immediately to the latest supported version of installed Microsoft software to continue receiving technical support and security patches.

The following Microsoft software products reached their end-of-life and need to be upgraded soon:

Windows Server 2003, 2003 RE, 2008, 2008 RE, 2008 SP2, 2012, and 2012 R2
Exchange Server 2003, 2007, 2010, 2013, 2016, 2019, and Windows Vista, XP, 8, and 7, 10.
Microsoft SQL Server 2005, 2008, 2012, 2014, and MS Office 2013, 2016 and 2019.

Additionally, scheduled for end-of-life in 2026; Upgrade recommended before end of support:

Microsoft SQL Server 2016: July 14, 2026 and Microsoft Office 2021: October 13, 2026

For more information, including other products reaching end-of-support in 2026, see Microsoft’s official documentation.

3. Before any updating task, ensure you have a current, tested backup of your data.

For further information and support, please contact the National Cyber Security Authority (NCSA) by emailing rwcsirt@ncsa.gov.rw or calling us on 9009.

References

11 March 2026

More updates

11 March 2026

Alert: Nginx UI (CVE-2026-27944) Security Updates – March 2026

A critical security vulnerability (CVE-2026-27944) has been discovered in Nginx UI.

11 March 2026

Security Alert: Critical WordPress Plugin Vulnerability (CVE-2026-1492)

A critical security vulnerability (CVE-2026-1492) has been discovered in the WordPress User Registration & Membership plugin by WPEverest.

09 March 2026

Security Alert: Apple Security Updates - March 2026

Apple has released security updates for iOS, iPadOS, and macOS platforms.

09 March 2026

Security Alert: Cisco Security Updates - March 2026

Cisco has released multiple security updates to address vulnerabilities affecting several of its products.

Microsoft released security updates in the March 2026 Patch Tuesday addressing 84 vulnerabilities, including two publicly disclosed zero-day flaws CVE-2026-26127 and CVE-2026-21262, which could allow attackers to disrupt services or gain elevated system privileges if exploited.

These updates apply to, but are not limited to:

Windows OS: 11.

Microsoft SQL Server 2022, 2025

Microsoft Office 2021, 2024

Microsoft Edge

Security Risks

Identified vulnerabilities could allow threat actors to execute malicious code, escalate privileges, access sensitive data, or disrupt system operations, potentially leading to the compromise of affected systems.

For the full list of security patches released by Microsoft, please refer to the Microsoft Security Update Guide and apply the necessary updates.

Recommended Actions

The National Cyber Security Authority (NCSA) recommends users and administrators:

1. Apply the latest security patches as soon as possible to prevent unauthorized control over unpatched systems.

2. Upgrade immediately to the latest supported version of installed Microsoft software to continue receiving technical support and security patches.

The following Microsoft software products reached their end-of-life and need to be upgraded soon:

Windows Server 2003, 2003 RE, 2008, 2008 RE, 2008 SP2, 2012, and 2012 R2

Exchange Server 2003, 2007, 2010, 2013, 2016, 2019, and Windows Vista, XP, 8, and 7, 10.

Microsoft SQL Server 2005, 2008, 2012, 2014, and MS Office 2013, 2016 and 2019.

Additionally, scheduled for end-of-life in 2026; Upgrade recommended before end of support:

Microsoft SQL Server 2016: July 14, 2026 and Microsoft Office 2021: October 13, 2026

For more information, including other products reaching end-of-support in 2026, see Microsoft’s official documentation.

3. Before any updating task, ensure you have a current, tested backup of your data.

For further information and support, please contact the National Cyber Security Authority (NCSA) by emailing rwcsirt@ncsa.gov.rw or calling us on 9009.

References

Microsoft March 2026 Security Release Notes

Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public Zero-Days

Microsoft Ending Support in 2026

	info@ncsa.gov.rw
	9009 / 0781813310
	‎+250 791 445 224