The remote code execution vulnerability in Devices Pricing Program (CVE-2026-21536) is rated critical due to its potential for exploitation, despite Microsoft's claim of mitigation.
Microsoft has patched 83 vulnerabilities affecting its products. Two notable issues are CVE-2026-26127, a DoS in .NET, and CVE-2026-21262, an elevation of privilege defect in SQL Server.
Affected Systems
- Microsoft Devices Pricing Program
- .NET
- SQL Server
- Azure MCP Server Tools
Affected Versions: All versions prior to the latest patch
Remediation
- Apply the March 2026 Patch Tuesday updates for all affected Microsoft products.
- Update Azure MCP Server Tools to the latest version and ensure proper validation of input parameters.
- Monitor systems for any unusual activity or attempts to exploit known vulnerabilities.
Stack Impact
This update affects a wide range of services including .NET, SQL Server, and Azure components. No specific impact is noted on nginx, docker, linux kernel, openssh, curl, openssl, python, or homelab components.