March's Patch Tuesday is notable not just for what was patched, but for how one of the most severe vulnerabilities was discovered. For the first time in a mainstream Patch Tuesday release, Microsoft credited an AI agent — XBOW — with discovering a CVSS 9.8 remote code execution vulnerability. AI-driven vulnerability discovery has moved from research papers to operational reality, and the implications for both attackers and defenders are significant.
Two Publicly Disclosed Zero-Days
Unlike February's six exploited zero-days, March's two zero-days were publicly disclosed but not yet exploited at the time of the patch. That leaves less immediate exposure than actively exploited flaws, but public disclosure means exploit development is already underway.
CVE-2026-21262 (CVSS 8.8) — SQL Server Elevation of Privilege. An improper access control flaw that allows an authenticated attacker to escalate privileges over the network, potentially reaching sysadmin access. A database user with basic permissions could silently elevate to full administrator rights — the ability to read, modify, or delete any data, create accounts, and manipulate database configurations. The vulnerability was discovered by database expert Erland Sommarskog through research into stored procedure permission packaging, highlighting that some of the most impactful vulnerabilities come from deep domain expertise, not just fuzzing tools.
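The following T-SQL is an added defender-side example, not code from the original post or from Microsoft's advisory. It does not detect the flaw itself; it records the state the description above concerns (who holds sysadmin, and which modules package elevated permissions through EXECUTE AS or certificate signing) so that before/after-patch snapshots can be diffed. It assumes standard SQL Server catalog views and a login with VIEW ANY DEFINITION; run it in each user database of interest.

```sql
-- Added example (not from the post or Microsoft): baseline audit for
-- privilege packaging in SQL Server, to be run before and after patching
-- CVE-2026-21262 and compared. Assumes VIEW ANY DEFINITION on the instance.

-- 1. Current sysadmin membership: the privilege level the flaw can reach.
SELECT r.name AS role_name, m.name AS member_name, m.type_desc, m.create_date
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
ORDER BY m.create_date DESC;

-- 2. Modules in the current database that execute under another identity.
--    execute_as_principal_id: NULL = CALLER, -2 = OWNER, otherwise a principal id.
SELECT o.name AS module_name, o.type_desc,
       CASE sm.execute_as_principal_id
            WHEN -2 THEN N'OWNER'
            ELSE USER_NAME(sm.execute_as_principal_id)
       END AS executes_as,
       o.modify_date
FROM sys.sql_modules AS sm
JOIN sys.objects AS o ON o.object_id = sm.object_id
WHERE sm.execute_as_principal_id IS NOT NULL
ORDER BY o.modify_date DESC;

-- 3. Certificate-signed modules and the server login (if any) mapped to the
--    same certificate in master; this is how permissions get "packaged" into
--    a procedure. An unexpected row here is worth explaining.
SELECT o.name AS module_name, c.name AS certificate_name,
       sp.name AS mapped_login, sp.type_desc AS login_type
FROM sys.crypt_properties AS cp
JOIN sys.objects AS o ON o.object_id = cp.major_id
JOIN sys.certificates AS c ON c.thumbprint = cp.thumbprint
LEFT JOIN master.sys.certificates AS mc ON mc.thumbprint = c.thumbprint
LEFT JOIN sys.server_principals AS sp ON sp.sid = mc.sid AND sp.type = 'C'
WHERE cp.class = 1;  -- class 1 = OBJECT_OR_COLUMN (signed modules)
```

Save each result set to a file per instance and diff the files after the patch; a new sysadmin member or a new EXECUTE AS OWNER module that nobody deployed is the kind of change this flaw would produce.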
CVE-2026-26127 (CVSS 7.5) — .NET Denial of Service. An out-of-bounds read in .NET that allows an unauthorized attacker to crash applications over the network. While denial of service is lower severity than code execution, .NET underpins a vast amount of enterprise infrastructure.
The AI-Discovered CVSS 9.8 Flaw
CVE-2026-21536 (CVSS 9.8) — Microsoft Devices Pricing Program RCE. This is the highest-severity vulnerability in the release — a remote code execution flaw discovered not by a human researcher, but by the XBOW AI security agent. Microsoft notes this flaw has been "fully mitigated" server-side, requiring no action from users, but its existence signals a shift: AI agents are now finding critical vulnerabilities at a pace and depth that will challenge traditional patch cycles.
For defenders, this means the volume and severity of discovered vulnerabilities will likely increase. For attackers, it means the same AI capabilities are available for offensive research. The race between discovery and exploitation is accelerating.
Critical Vulnerabilities
Eight CVEs received Critical ratings this month. Two Microsoft Office remote code execution flaws (CVE-2026-26110 and CVE-2026-26113) are particularly concerning because both are exploitable via the preview pane — no user interaction beyond previewing an email is required.
A Microsoft Excel information disclosure flaw (CVE-2026-26144) stands out because exploitation could cause Copilot Agent mode to exfiltrate data via unintended network egress, enabling a zero-click information disclosure attack through AI. This is a new class of vulnerability where AI-assisted features become the exfiltration vector.
The Windows Print Spooler received yet another RCE fix (CVE-2026-23669), continuing a pattern that dates back to the PrintNightmare vulnerabilities of 2021. The Graphics Component received an elevation of privilege fix (CVE-2026-23668) that was submitted as two separate bugs affecting different drivers (cdd.dll and win32kfull.sys), demonstrating why variant analysis is critical when developing patches — the same root cause can manifest across multiple components.
Deployment Recommendations
Prioritize the SQL Server zero-day (CVE-2026-21262) in any environment where non-administrative users or application accounts hold SQL Server logins, since an authenticated low-privilege user is all the flaw requires. The Office preview pane vulnerabilities should be fast-tracked on all desktop and terminal server environments. The AI-discovered CVSS 9.8 flaw requires no action, but treat it as a signal that the vulnerability discovery landscape is changing permanently.
Elevation of privilege flaws accounted for 55% of all patches this month — a continuing trend that reflects how attackers operate: gain initial access through phishing or web exploitation, then escalate privileges to move laterally. Patching EoP vulnerabilities is patching the post-compromise attack path.