Microsoft has rolled out its latest Patch Tuesday security update, addressing 79 security vulnerabilities (CVEs) across its software ecosystem. Among the fixes are two high-severity flaws that previously qualified as zero-day vulnerabilities, highlighting the importance of installing the updates as soon as possible.

Patch Tuesday is Microsoft’s monthly security update cycle, released on the second Tuesday of every month, during which the company distributes fixes for newly discovered security issues affecting Windows and other Microsoft products.

Two Former Zero-Day Vulnerabilities Patched

Microsoft confirmed that two vulnerabilities initially categorized as zero-day flaws are now resolved with the latest update. A zero-day vulnerability refers to a software flaw for which no official patch or security update was available at the time it was discovered.

With patches now released, these vulnerabilities are no longer considered zero-days. Importantly, Microsoft says there is currently no evidence that either flaw was actively exploited in the wild.

However, security experts warn that delaying updates could still expose systems to potential attacks.

SQL Server Vulnerability Could Grant Admin Access

One of the most serious issues addressed this month is CVE-2026-21262, a vulnerability affecting Microsoft SQL Server with a CVSS severity score of 8.8 out of 10.

The flaw allows a user who already has basic access to a database system to escalate privileges and potentially gain full database administrator (sysadmin) rights. Once elevated, an attacker could:

• Read or modify sensitive data
• Delete database records
• Create new user accounts
• Alter database configurations or scheduled jobs

The vulnerability stems from a permission-checking flaw in SQL Server. In certain cases, the system can be tricked into granting more privileges than intended.

Security researchers note that no user interaction is required once an attacker has initial access. The exploit can be carried out remotely through specially crafted SQL requests that manipulate the flawed permission checks.

In a real-world attack scenario, the vulnerability would likely serve as the second stage in an intrusion—after attackers gain low-level access, they could use the flaw to elevate privileges and take full control of the database.

.NET Bug Could Crash Applications

Another notable vulnerability fixed in the update is CVE-2026-26127, affecting Microsoft’s .NET development platform. The flaw has a CVSS score of 7.5 and can be exploited remotely to cause applications to crash.

The issue impacts .NET 9.0 and .NET 10.0 across Windows, macOS, and Linux. Unlike application-specific bugs, this vulnerability exists in the .NET runtime and core libraries, meaning any application built on the affected versions could be impacted.

The primary risk is denial of service (DoS). Attackers could send malicious input to trigger crashes in .NET processes, causing applications to become unstable or temporarily unavailable.

For organizations running web APIs, payment platforms, or internal business applications built with .NET, this could result in service outages and disrupted operations until the affected systems are patched.

Microsoft Office Vulnerabilities Also Fixed

The Patch Tuesday release also includes fixes for several vulnerabilities affecting Microsoft Office applications.

Two flaws—CVE-2026-26110 and CVE-2026-26113—allow remote code execution and can potentially be exploited through the preview pane. This means users might not even need to open a malicious file for exploitation to occur.

Another issue, CVE-2026-26144, affects Microsoft Excel and could allow attackers to exfiltrate sensitive information through Microsoft Copilot under certain conditions.

While Office vulnerabilities frequently appear in Patch Tuesday updates, Microsoft says none of these issues have been reported as actively exploited so far.

How to Check if Your System Is Updated

Microsoft recommends installing updates immediately to keep systems secure. Windows users can verify their update status by following these steps:

1. Open Settings
Click the Start button (Windows logo in the bottom-left corner) and select Settings, represented by a gear icon.

2. Navigate to Windows Update
In the Settings window, select Windows Update, usually located at the bottom of the left-side menu.

3. Check for Updates
Click Check for updates to search for the latest Patch Tuesday updates.

If automatic updates are enabled, you may see a “Restart required” message once the updates are downloaded.

4. Download and Install
If updates are available, Windows will begin downloading them automatically. Once finished, click Install or Restart now to complete the installation.

5. Confirm Your System Is Up to Date
After restarting, return to Windows Update and check again. If the page displays “You’re up to date,” your system is fully protected.

Staying Protected

Security professionals consistently emphasize that timely patching remains one of the most effective defenses against cyberattacks. Even vulnerabilities that are not actively exploited at the time of disclosure can quickly become targets once technical details are made public.

Installing the latest Patch Tuesday updates ensures that systems are protected against newly discovered threats and helps maintain the stability and security of both personal and enterprise environments.