Tag: CVE-2026-21262

All articles tagged with #cve-2026-21262

Critical SQL Server zero-day lets attackers escalate to full admin control
cybersecurity · 1 month ago

Microsoft disclosed a critical zero-day in SQL Server (CVE-2026-21262) that enables an authenticated attacker to escalate to the sysadmin role via improper access control. The flaw has a CVSS v3.1 base score of 8.8 (Important) and is exploitable over the network with low complexity and no user interaction. While not yet observed in the wild, the disclosure lowers the barrier for exploits. Microsoft has released patches for SQL Server 2016–2025; administrators should urgently apply updates, audit permissions, restrict privileged access, and upgrade unsupported versions to receive future fixes.

Microsoft Patch Tuesday: 84 Fixes, Two Public Zero-Days, and Faster Hotpatching
security · 1 month ago

Microsoft released 84 patches in March Patch Tuesday across its software stack, including two publicly disclosed zero-days: CVE-2026-21262 in SQL Server and CVE-2026-26127 in .NET. Eight flaws are critical and 76 are important, with privilege escalation accounting for 46 fixes. Notable issues include a Winlogon privilege escalation (CVE-2026-25187, 7.8), an Azure MCP server-side request-forgery (CVE-2026-26118, 8.8) that could abuse the server’s identity, and a high-severity RCE in the Microsoft Devices Pricing Program (CVE-2026-21536, 9.8) that Microsoft says is fully mitigated. An Excel information-disclosure flaw (CVE-2026-26144, 7.5) could enable data exfiltration via Copilot Agent in a zero-click attack. Microsoft is also moving toward hotpatch security updates via Windows Autopatch by May 2026 to speed fixes, with XBOW credited for vulnerability discovery and researchers noting such bugs often enable post-compromise activity.

Microsoft Patch Tuesday March 2026: 79 Flaws Fixed, Two Public Zero-Days
security · 1 month ago

Microsoft's March 2026 Patch Tuesday closes 79 vulnerabilities, including two publicly disclosed zero-days: a SQL Server elevation-of-privilege flaw (CVE-2026-21262) and a .NET denial-of-service flaw (CVE-2026-26127). The update also patches two Office remote-code-execution flaws via the Preview Pane (CVE-2026-26110, CVE-2026-26113) and an Excel information-disclosure flaw potentially exposing Copilot data (CVE-2026-26144). Fixes span Windows, Edge, Azure, and more, with several critical bugs; users should update promptly.