Microsoft Patch Tuesday March 2026: 78 vulnerabilities fixed, including a zero-day
On 10 March 2026 Microsoft published its Patch Tuesday security update, fixing 78 critical vulnerabilities in products such as Windows, Microsoft Office, Azure, SQL Server and .NET. Among them is an actively exploited zero-day (CVE-2026-21262) that requires immediate action. The quick fix? Apply all available updates today through Windows Update to protect your devices. This monthly bulletin is essential for home users and businesses alike, preventing risks such as remote code execution and privilege escalation.
The update addresses real threats, including bugs rated Critical that could expose sensitive data or allow remote attacks. Do not put it off: prompt installation blocks potential exploits. The details below explain the impact and the priorities.
What this Patch Tuesday includes
The release covers a wide range of Microsoft products. Here is the breakdown of vulnerabilities by impact type:
- Denial of Service: 4
- Elevation of Privilege: 43
- Information Disclosure: 9
- Remote Code Execution: 16
- Security Feature Bypass: 2
- Spoofing: 4
Elevation of Privilege flaws dominate with 43 cases, 55% of the total. These flaws let attackers obtain higher privileges, compromising entire systems.
Among the most urgent fixes:
- A public zero-day: CVE-2026-21262 in SQL Server, an elevation of privilege that is already being exploited.
- A .NET Denial of Service vulnerability (CVE-2026-26127) that was publicly disclosed before the patch.
These require priority patching to avoid opportunistic exploitation.
Priority Critical vulnerabilities
Microsoft assigned the Critical rating to three main flaws:
- CVE-2026-26144: Information Disclosure in Microsoft Excel. Despite the classification, it exposes sensitive data, potentially through Copilot.
- CVE-2026-26113: Remote Code Execution in Microsoft Office. An attacker can execute arbitrary code in the user's context.
- CVE-2026-26110: Another RCE in Microsoft Office, high risk for external documents.
Apply these patches immediately if you use Office, especially in corporate environments where files arrive from untrusted sources.
Other notable flaws include:
- Elevation of Privilege in the Windows Kernel (CVE-2026-26132), SMB Server (CVE-2026-26128), Winlogon (CVE-2026-25187), DWM Core Library (CVE-2026-25189).
- Cloud: Hybrid Worker Extension (CVE-2026-26141), Azure Connected Machine Agent (CVE-2026-26117), Azure MCP Server Tools (CVE-2026-26118).
- RCE in SharePoint (CVE-2026-26114, CVE-2026-26106), RRAS (CVE-2026-26111), GDI (CVE-2026-25190), and four in Excel.
Further fixes cover ASP.NET Core DoS (CVE-2026-26130), .NET EoP (CVE-2026-26131), Microsoft Authenticator disclosure (CVE-2026-26123), and more.
Impact on users and businesses
For home users, the main risk is opening malicious documents in Office or Excel, which could lead to RCE. Update Windows, Office and Azure tools now.
In enterprises, exposed SharePoint and SQL Server instances are high-value targets. The 43 EoP flaws affect kernel components such as SMB and Winlogon, facilitating lateral movement across networks.
Microsoft confirms that all affected products require immediate action. Priorities: CVE-2026-21262, the three Critical Office/Excel flaws, Kernel/SMB EoP, SharePoint RCE.
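The priority order stated above, applied to rows of this bulletin's CVE table, as an added example that is not part of the original article. The function names and the catch-all tier 5 are assumptions made for illustration; the rows are a sample copied from the table on this page.

```python
import re

# Sample rows copied from this bulletin's CVE table (not the full list).
BULLETIN = """\
| CVE-2026-21262 | SQL Server Elevation of Privilege Vulnerability (Zero-day) |
| CVE-2026-26113 | Microsoft Office Remote Code Execution Vulnerability (Critical) |
| CVE-2026-26144 | Microsoft Excel Information Disclosure Vulnerability (Critical) |
| CVE-2026-26132 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2026-26128 | Windows SMB Server Elevation of Privilege Vulnerability |
| CVE-2026-26114 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2026-26127 | .NET Denial of Service Vulnerability |
"""

IMPACTS = ("Elevation of Privilege", "Remote Code Execution", "Information Disclosure",
           "Denial of Service", "Security Feature Bypass", "Spoofing")
ROW = re.compile(r"^\|\s*(CVE-\d{4}-\d{4,})\s*\|\s*(.+?)\s*\|\s*$")

def parse(table):
    """Yield (cve, component, impact, tag) for each data row of the table."""
    for line in table.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, separator or malformed row
        cve, title = m.groups()
        tag = re.search(r"\((Zero-day|Critical)\)\s*$", title)
        impact = next((i for i in IMPACTS if i in title), "Unknown")
        component = title.split(impact)[0].strip() if impact != "Unknown" else title
        yield cve, component, impact, tag.group(1) if tag else ""

def tier(component, impact, tag):
    """Tiers 1-4 follow the article's priority order; tier 5 (assumption)
    collects everything the article does not rank."""
    if tag == "Zero-day":
        return 1
    if tag == "Critical":
        return 2
    if impact == "Elevation of Privilege" and re.search(r"Kernel|SMB", component):
        return 3
    if impact == "Remote Code Execution" and "SharePoint" in component:
        return 4
    return 5

def triage(table):
    """Return (tier, cve, component, impact) tuples, most urgent first."""
    return sorted((tier(c, i, t), cve, c, i) for cve, c, i, t in parse(table))

if __name__ == "__main__":
    for t, cve, comp, impact in triage(BULLETIN):
        print(f"P{t}  {cve}  {comp}: {impact}")
```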
Other relevant security updates
Beyond Microsoft:
- Fortinet: Patches for vulnerabilities that enable execution of malicious commands.
- Zoom Workplace for Windows: Privilege escalation.
- Ivanti Desktop/Server Management: Privilege escalation.
- SAP: Multiple RCE.
- Fortinet FortiManager: Execution of malicious commands.
Monitor these vendors for complete patching.
Technical deep dive
Detailed CVE breakdown
Here is an exhaustive list of the fixed vulnerabilities, grouped by product and type:
| CVE | Title |
|---|---|
| CVE-2026-20967 | System Center Operations Manager (SCOM) Elevation of Privilege Vulnerability |
| CVE-2026-21262 | SQL Server Elevation of Privilege Vulnerability (Zero-day) |
| CVE-2026-23654 | GitHub: Zero Shot SCFoundation Remote Code Execution Vulnerability |
| CVE-2026-23656 | Windows App Installer Spoofing Vulnerability |
| CVE-2026-23660 | Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability |
| CVE-2026-23661 | Azure IoT Explorer Information Disclosure Vulnerability |
| CVE-2026-23662 | Azure IoT Explorer Information Disclosure Vulnerability |
| CVE-2026-23664 | Azure IoT Explorer Information Disclosure Vulnerability |
| CVE-2026-23665 | Linux Azure Diagnostic extension (LAD) Elevation of Privilege Vulnerability |
| CVE-2026-23667 | Broadcast DVR Elevation of Privilege Vulnerability |
| CVE-2026-23668 | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2026-23669 | Windows Print Spooler Remote Code Execution Vulnerability |
| CVE-2026-23671 | Windows Bluetooth RFCOM Protocol Driver Elevation of Privilege Vulnerability |
| CVE-2026-23672 | Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability |
| CVE-2026-23673 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability |
| CVE-2026-23674 | MapUrlToZone Security Feature Bypass Vulnerability |
| CVE-2026-24282 | Push message Routing Service Elevation of Privilege Vulnerability |
| CVE-2026-24283 | Multiple UNC Provider Kernel Driver Elevation of Privilege Vulnerability |
| CVE-2026-24285 | Win32k Elevation of Privilege Vulnerability |
| CVE-2026-24287 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2026-24288 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
| CVE-2026-24289 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2026-24290 | Windows Projected File System Elevation of Privilege Vulnerability |
| CVE-2026-24291 | Windows Accessibility Infrastructure (ATBroker.exe) Elevation of Privilege Vulnerability |
| CVE-2026-24292 | Windows Connected Devices Platform Service Elevation of Privilege Vulnerability |
| CVE-2026-24293 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2026-24294 | Windows SMB Server Elevation of Privilege Vulnerability |
| CVE-2026-24295 | Windows Device Association Service Elevation of Privilege Vulnerability |
| CVE-2026-24296 | Windows Device Association Service Elevation of Privilege Vulnerability |
| CVE-2026-24297 | Windows Kerberos Security Feature Bypass Vulnerability |
| CVE-2026-25165 | Performance Counters for Windows Elevation of Privilege Vulnerability |
| CVE-2026-25166 | Windows System Image Manager Assessment and Deployment Kit (ADK) Remote Code Execution Vulnerability |
| CVE-2026-25167 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
| CVE-2026-25168 | Windows Graphics Component Denial of Service Vulnerability |
| CVE-2026-25169 | Windows Graphics Component Denial of Service Vulnerability |
| CVE-2026-25170 | Windows Hyper-V Elevation of Privilege Vulnerability |
| CVE-2026-25171 | Windows Authentication Elevation of Privilege Vulnerability |
| CVE-2026-25172 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2026-25173 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2026-25174 | Windows Extensible File Allocation Table Elevation of Privilege Vulnerability |
| CVE-2026-25175 | Windows NTFS Elevation of Privilege Vulnerability |
| CVE-2026-25176 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2026-25177 | Active Directory Domain Services Elevation of Privilege Vulnerability |
| CVE-2026-25178 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2026-25179 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2026-25180 | Windows Graphics Component Information Disclosure Vulnerability |
| CVE-2026-25181 | GDI+ Information Disclosure Vulnerability |
| CVE-2026-25185 | Windows Shell Link Processing Spoofing Vulnerability |
| CVE-2026-25186 | Windows Accessibility Infrastructure (ATBroker.exe) Information Disclosure Vulnerability |
| CVE-2026-25187 | Winlogon Elevation of Privilege Vulnerability |
| CVE-2026-25188 | Windows Telephony Service Elevation of Privilege Vulnerability |
| CVE-2026-25189 | Windows DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2026-25190 | GDI Remote Code Execution Vulnerability |
| CVE-2026-26105 | Microsoft SharePoint Server Spoofing Vulnerability |
| CVE-2026-26106 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2026-26107 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2026-26108 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2026-26109 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2026-26110 | Microsoft Office Remote Code Execution Vulnerability (Critical) |
| CVE-2026-26111 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2026-26112 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2026-26113 | Microsoft Office Remote Code Execution Vulnerability (Critical) |
| CVE-2026-26114 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2026-26115 | SQL Server Elevation of Privilege Vulnerability |
| CVE-2026-26116 | SQL Server Elevation of Privilege Vulnerability |
| CVE-2026-26117 | Arc Enabled Servers – Azure Connected Machine Agent Elevation of Privilege Vulnerability |
| CVE-2026-26118 | Azure MCP Server Tools Elevation of Privilege Vulnerability |
| CVE-2026-26121 | Azure IOT Explorer Spoofing Vulnerability |
| CVE-2026-26123 | Microsoft Authenticator Information Disclosure Vulnerability |
| CVE-2026-26127 | .NET Denial of Service Vulnerability |
| CVE-2026-26128 | Windows SMB Server Elevation of Privilege Vulnerability |
| CVE-2026-26130 | ASP.NET Core Denial of Service Vulnerability |
| CVE-2026-26131 | .NET Elevation of Privilege Vulnerability |
| CVE-2026-26132 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2026-26134 | Microsoft Office Elevation of Privilege Vulnerability |
| CVE-2026-26141 | Hybrid Worker Extension (Arc‑enabled Windows VMs) Elevation of Privilege Vulnerability |
| CVE-2026-26144 | Microsoft Excel Information Disclosure Vulnerability (Critical) |
| CVE-2026-26148 | Microsoft Azure AD SSH Login extension for Linux Elevation of Privilege Vulnerability |
Expert analysis
For technical staff: the zero-day CVE-2026-21262 in SQL Server allows elevation from an authenticated user to sysadmin privileges with no extra interaction. A high CVSS score implies exploit chains with RCE. Monitor SQL logs for suspicious access pre-patch.
Office RCE (CVE-2026-26110/26113): Exploitable via the preview pane, no macros needed. Block the preview pane through Group Policy as a temporary mitigation.
Kernel EoP: CVE-2026-26132 exploits a race condition in the kernel; test post-patch compatibility on critical workloads.
Azure/Cloud: Check the Arc, IoT Explorer and MCP extensions on hybrid VMs. Use Azure Update Manager for automated deployment.
Advanced recommendations:
- Automate patching with WSUS/SCUP.
- Segment networks to limit SMB/SharePoint exposure.
- Scan with tools such as Nessus for remaining CVEs.
- For .NET/ASP.NET, rebuild apps post-patch.
This Patch Tuesday underlines the persistent threat of EoP chains (43/78). Make it part of your vulnerability management routine.
Source: https://cybersecuritynews.com/microsoft-patch-tuesday-march-2026/





