Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public Zero-Days
Microsoft on Tuesday released patches for a set of 84 new security vulnerabilities affecting various software components, including two that have been listed as publicly known.
Of these, eight are rated Critical, and 76 are rated Important in severity. Forty-six of the patched vulnerabilities relate to privilege escalation, followed by 18 remote code execution, 10 information disclosure, four spoofing, four denial-of-service, and two security feature bypass flaws.
The fixes are in addition to 10 vulnerabilities that have been addressed in its Chromium-based Edge browser since the release of the February 2026 Patch Tuesday update.
The two publicly disclosed zero-days are CVE-2026-26127 (CVSS score: 7.5), a denial-of-service vulnerability in .NET, and CVE-2026-21262 (CVSS score: 8.8), an elevation of privilege vulnerability in SQL Server.
Source: The Hacker News / BleepingComputer / SecurityWeek / Krebs on Security / SANS Internet Storm Center
Link: https://thehackernews.com/2026/03/microsoft-patches-84-flaws-in-march.html
Link: https://www.securityweek.com/microsoft-patches-83-vulnerabilities/
Link: https://krebsonsecurity.com/2026/03/microsoft-patch-tuesday-march-2026-edition/
Link: https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20March%202026/32782
Google Fixes Two Chrome Zero-Days Exploited in the Wild Affecting Skia and V8
Google on Thursday released security updates for its Chrome web browser to address two high-severity vulnerabilities that it said have been exploited in the wild.
The list of vulnerabilities is as follows –
- CVE-2026-3909 (CVSS score: 8.8) – An out-of-bounds write vulnerability in the Skia 2D graphics library that allows a remote attacker to perform out-of-bounds memory access via a crafted HTML page.
- CVE-2026-3910 (CVSS score: 8.8) – An inappropriate implementation vulnerability in the V8 JavaScript and WebAssembly engine that allows a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Both vulnerabilities were discovered and reported by Google itself on March 10, 2026. As is customary in these cases, no details are available about how the issues are being abused in the wild and who is behind the efforts. This is done so as to prevent other threat actors from exploiting the issues.
Source: The Hacker News / BleepingComputer
Link: https://thehackernews.com/2026/03/google-fixes-two-chrome-zero-days.html
Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager
Oracle has released security updates to address a critical security flaw impacting Identity Manager and Web Services Manager that could be exploited to achieve remote code execution.
The vulnerability, tracked as CVE-2026-21992, carries a CVSS score of 9.8 out of a maximum of 10.0.
"This vulnerability is remotely exploitable without authentication," Oracle said in an advisory. "If successfully exploited, this vulnerability may result in remote code execution."
CVE-2026-21992 affects the following versions –
- Oracle Identity Manager versions 12.2.1.4.0 and 14.1.2.1.0
- Oracle Web Services Manager versions 12.2.1.4.0 and 14.1.2.1.0
According to a description of the flaw in the NIST National Vulnerability Database (NVD), it's "easily exploitable" and could allow an unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager and Oracle Web Services Manager. This, in turn, can result in the successful takeover of susceptible instances.
Source: The Hacker News / BleepingComputer / SecurityWeek / Help Net Security / Oracle Security Blog
Link: https://thehackernews.com/2026/03/oracle-patches-critical-cve-2026-21992.html
Link: https://www.helpnetsecurity.com/2026/03/23/oracle-emergency-fix-cve-2026-21992/
Link: https://blogs.oracle.com/security/alert-cve-2026-21992
Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks
Citrix has released security updates to address two vulnerabilities in NetScaler ADC and NetScaler Gateway, including a critical flaw that could be exploited to leak sensitive data from the application.
The vulnerabilities are listed below –
- CVE-2026-3055 (CVSS score: 9.3) – Insufficient input validation leading to memory overread
- CVE-2026-4368 (CVSS score: 7.7) – Race condition leading to user session mixup
Cybersecurity company Rapid7 said that CVE-2026-3055 refers to an out-of-bounds read that could be exploited by unauthenticated remote attackers to leak potentially sensitive information from the appliance’s memory.
However, for exploitation to be successful, the Citrix ADC or Citrix Gateway appliance must be configured as a SAML Identity Provider (SAML IDP), which means default configurations are unaffected. To determine if the device has been configured as a SAML IDP Profile, Citrix is urging customers to inspect their NetScaler Configuration for the specified string: "add authentication samlIdPProfile .*"
Source: The Hacker News / SecurityWeek
Link: https://thehackernews.com/2026/03/citrix-urges-patching-critical.html
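The configuration check Citrix describes, written as an added example (not Citrix's own tooling) for triaging saved configuration dumps from several appliances. The appliance labels, profile names and sample config lines are constructed; case-insensitive matching and support for quoted profile names are assumptions added here.

```python
import re

# Pattern from the guidance quoted above: "add authentication samlIdPProfile .*"
# Anchoring at line start avoids false hits on other commands that merely
# contain the substring "samlIdP" (for example a -samlIdPCertName parameter).
SAML_IDP_RE = re.compile(
    r'^\s*add\s+authentication\s+samlIdPProfile\s+("[^"]+"|\S+)',
    re.IGNORECASE,
)

def saml_idp_profiles(config_text):
    """Return the SAML IdP profile names defined in one configuration dump."""
    names = []
    for line in config_text.splitlines():
        match = SAML_IDP_RE.match(line)
        if match:
            names.append(match.group(1).strip('"'))
    return names

def triage(configs):
    """Map appliance label -> profile names, only for appliances acting as SAML IdP."""
    affected = {}
    for label, text in configs.items():
        names = saml_idp_profiles(text)
        if names:
            affected[label] = names
    return affected

# Constructed sample dumps: adc-a is a SAML IdP, adc-b is only a SAML SP.
SAMPLE_CONFIGS = {
    "adc-a": (
        "add authentication samlIdPProfile idp_prof1 "
        '-assertionConsumerServiceURL "https://sp.example.test/acs"\n'
    ),
    "adc-b": (
        "add authentication samlAction sp_action -samlIdPCertName idp_cert\n"
    ),
}

if __name__ == "__main__":
    for label, names in triage(SAMPLE_CONFIGS).items():
        print(f"{label}: configured as SAML IdP, profiles: {', '.join(names)}")
```

An appliance that does not appear in the result has no SAML IdP profile in the dump that was checked, so the dump must be current for the answer to mean anything.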
Zero Trust: Bridging the Gap Between Authentication and Trust
The traditional concept of a "secure perimeter" has effectively evaporated. As the workforce has transitioned from centralized offices to a hybrid model spanning kitchen tables, coffee shops, and co-working spaces, the old way of defending the network has become obsolete. Organizations can no longer rely on the assumption that anything inside the corporate network is "safe" and everything outside is "hostile."
The move to Zero Trust isn't just a passing trend; it's a necessary evolution in security architecture. However, many organizations are finding that their current implementations are missing a critical component: the connection between identifying a user and authorizing their session.
Source: BleepingComputer
Everyday tools, extraordinary crimes: the ransomware exfiltration playbook
Data exfiltration activity increasingly leverages legitimate native utilities, commonly deployed third-party tools, and cloud service clients, reducing the effectiveness of static indicators of compromise (IOCs) and tool-based blocking strategies.
The Exfiltration Framework systematically normalizes behavioral and forensic characteristics of these tools, enabling cross-environment comparison independent of operating system, deployment model, or infrastructure domain.
By modeling execution context, parent-child process relationships, network communication patterns, artifact persistence, and destination characteristics, the framework exposes detection-relevant signals that remain stable even when tools are renamed, relocated, or operated within trusted infrastructure.
The analysis demonstrates that reliable detection requires correlation across endpoint, network, and cloud telemetry, with emphasis on behavioral baselining, contextual anomalies, and cumulative transfer analysis rather than protocol-level or allow-list–based controls.
Source: Cisco Talos Intelligence Group
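A small illustration of the cumulative transfer analysis mentioned above, as an added example that is not taken from the Talos framework. The event fields, host and destination names, window length and thresholds are all assumptions, and the telemetry is constructed; it shows a series of uploads that stays under a per-event limit and changes image name midway, yet stands out once volume is summed per host and destination.

```python
from collections import defaultdict

WINDOW_S = 3600               # assumed correlation window, in seconds
PER_EVENT_LIMIT = 50_000_000  # assumed single-transfer alert threshold, in bytes
BASELINE_FACTOR = 5           # assumed: flag at 5x the host's usual window volume

def per_event_alerts(events):
    """Static control: alert only when one transfer is larger than the limit."""
    return [e for e in events if e["bytes_out"] > PER_EVENT_LIMIT]

def cumulative_outliers(events, baseline):
    """Sum outbound bytes per (host, destination) over a sliding window.

    events must be sorted by ts. The key ignores the process image name, so
    renaming the tool does not reset the running total.
    Returns {(host, dest): (bytes_in_window, image_names_seen)}.
    """
    windows = defaultdict(list)
    flagged = {}
    for e in events:
        key = (e["host"], e["dest"])
        win = windows[key]
        win.append(e)
        while e["ts"] - win[0]["ts"] > WINDOW_S:
            win.pop(0)
        total = sum(x["bytes_out"] for x in win)
        if total > BASELINE_FACTOR * baseline[e["host"]]:
            flagged[key] = (total, sorted({x["image"] for x in win}))
    return flagged

# Constructed telemetry: ws-17 sends six 40 MB chunks, image renamed after three.
SAMPLE = sorted(
    [{"ts": 300 * i, "host": "ws-17", "dest": "storage.example.test",
      "image": "sync.exe" if i < 3 else "updater.exe",
      "bytes_out": 40_000_000} for i in range(6)]
    + [{"ts": 600 * i, "host": "ws-22", "dest": "cdn.example.test",
        "image": "browser.exe", "bytes_out": 30_000_000} for i in range(2)],
    key=lambda e: e["ts"],
)
BASELINE = {"ws-17": 20_000_000, "ws-22": 20_000_000}  # assumed per-host norms

if __name__ == "__main__":
    print("per-event alerts:", len(per_event_alerts(SAMPLE)))
    for (host, dest), (total, images) in cumulative_outliers(SAMPLE, BASELINE).items():
        print(f"{host} -> {dest}: {total} bytes in window via {images}")
```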
SAP Patches Critical FS-QUO, NetWeaver Vulnerabilities
Enterprise security firm SAP on Tuesday announced the release of 15 new security notes as part of its March 2026 Security Patch Day.
The most important of these notes resolves critical-severity vulnerabilities in Quotation Management Insurance (FS-QUO) and NetWeaver Enterprise Portal Administration. SAP describes the FS-QUO bug, tracked as CVE-2019-17571 (CVSS score of 9.8), as a code injection issue.
Initially disclosed in December 2019, it is a deserialization of untrusted data defect in Apache Log4j that could allow remote attackers to execute arbitrary code under certain conditions.
The second critical-severity bug, tracked as CVE-2026-27685 (CVSS score of 9.1), is another deserialization of untrusted data issue.
It could allow attackers to upload untrusted data that, when deserialized, could lead to code execution, denial-of-service (DoS) conditions, or privilege escalation.
Source: SecurityWeek
Link: https://www.securityweek.com/sap-patches-critical-fs-quo-netweaver-vulnerabilities/
NIST updates its DNS security guidance for the first time in over a decade
DNS infrastructure underpins nearly every network connection an organization makes, yet security configurations for it have gone largely unrevised at the federal guidance level for more than twelve years. NIST published SP 800-81r3, the Secure Domain Name System Deployment Guide, superseding a version that dates to 2013.
The document covers three main areas: using DNS as an active security control, securing the DNS protocol itself, and protecting the servers and infrastructure that run DNS services. It is directed at two groups: cybersecurity executives and decision-makers, and the operational networking and security teams who configure and maintain DNS environments.
Source: Help Net Security / NIST Special Publication 800
Link: https://www.helpnetsecurity.com/2026/03/23/nist-dns-security-guide-sp-800-81r3/
Link: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-81r3.pdf