Microsoft: This 'fascinating' Microsoft Excel security flaw teams up spreadsheets and Copilot Agent to steal data

Microsoft Patches 83 Flaws in March 2026 Update, Including Zero-Click Excel AI Exploit

Microsoft’s March 2026 Patch Tuesday addressed 83 vulnerabilities, including a high-severity flaw in Excel (CVE-2026-26144) that enables zero-click data theft via AI-driven attacks. The bug, rated 7.5/10, combines cross-site scripting (XSS) with indirect prompt injection to exploit Microsoft’s Copilot assistant.

The vulnerability stems from Excel’s failure to properly neutralize malicious input in web-generated content. Attackers could embed harmful links in Excel files, which execute when viewed in the preview pane without requiring the user to open the file. If Copilot is active, the AI could be tricked into exfiltrating sensitive data to an external server.

While patching is the recommended fix, temporary mitigations include restricting outbound traffic from Office apps, monitoring Excel network requests, or disabling Copilot. Alongside this flaw, Microsoft resolved eight critical vulnerabilities among the 83 total fixes in this month’s update. The incident highlights the growing risks of AI integration in productivity tools.
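The "monitoring Excel network requests" mitigation can be approximated by checking process-level connection events against an egress allowlist. The following is an added example, not code from Microsoft or the source article; the log format, allowlist suffixes, install path and hostnames are constructed assumptions for illustration.

```python
import csv
import io
import ntpath

# Assumed allowlist for illustration; a real one comes from your own egress policy.
ALLOWED_SUFFIXES = ("microsoft.com", "office.com", "office.net")
OFFICE_IMAGES = {"excel.exe"}

# Constructed sample events: timestamp, process image, destination host, port.
SAMPLE_LOG = r"""
2026-03-11T09:14:02Z,C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE,config.office.com,443
2026-03-11T09:14:05Z,C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE,collector.example.net,443
2026-03-11T09:14:06Z,C:\Windows\System32\svchost.exe,collector.example.net,443
2026-03-11T09:14:09Z,C:\Program Files\Microsoft Office\root\Office16\excel.exe,notmicrosoft.com.,443
2026-03-11T09:14:11Z,C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE,203.0.113.7,8080
""".strip()


def host_allowed(host, suffixes=ALLOWED_SUFFIXES):
    """Match on a DNS label boundary so 'notmicrosoft.com' is not allowed."""
    host = host.rstrip(".").lower()
    return any(host == s or host.endswith("." + s) for s in suffixes)


def flag_excel_egress(log_text, suffixes=ALLOWED_SUFFIXES):
    """Return (timestamp, host, port) for Excel connections outside the allowlist."""
    flagged = []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4:
            continue  # skip blank or malformed lines rather than crash the monitor
        ts, image, host, port = (field.strip() for field in row)
        # Compare the executable name case-insensitively, ignoring its directory.
        if ntpath.basename(image).lower() not in OFFICE_IMAGES:
            continue
        # Bare IP destinations never match a suffix, so they are always flagged.
        if not host_allowed(host, suffixes):
            flagged.append((ts, host, int(port)))
    return flagged


if __name__ == "__main__":
    for ts, host, port in flag_excel_egress(SAMPLE_LOG):
        print(f"{ts} EXCEL.EXE -> {host}:{port} (not on allowlist)")
```

The same allowlist can drive the "restrict outbound traffic" mitigation: destinations this check flags are the ones an egress rule for Office processes would deny.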

Source: https://www.techradar.com/pro/security/this-fascinating-microsoft-excel-security-flaw-teams-up-spreadsheets-and-copilot-agent-to-steal-data

Microsoft Security cybersecurity rating report: https://www.rankiteo.com/company/microsoft-security

"id": "MIC1773253470",
"linkid": "microsoft-security",
"type": "Vulnerability",
"date": "3/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Software',
                        'name': 'Microsoft',
                        'type': 'Technology Company'}],
 'attack_vector': 'Malicious Excel file (preview pane)',
 'data_breach': {'data_exfiltration': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': 'Sensitive data'},
 'date_publicly_disclosed': '2026-03',
 'date_resolved': '2026-03',
 'description': 'Microsoft’s March 2026 Patch Tuesday addressed 83 '
                'vulnerabilities, including a high-severity flaw in Excel '
                '(CVE-2026-26144) that enables zero-click data theft via '
                'AI-driven attacks. The bug, rated 7.5/10, combines cross-site '
                'scripting (XSS) with indirect prompt injection to exploit '
                'Microsoft’s Copilot assistant. The vulnerability stems from '
                'Excel’s failure to properly neutralize malicious input in '
                'web-generated content. Attackers could embed harmful links in '
                'Excel files, which execute when viewed in the preview pane '
                'without requiring the user to open the file. If Copilot is '
                'active, the AI could be tricked into exfiltrating sensitive '
                'data to an external server.',
 'impact': {'data_compromised': 'Sensitive data exfiltration',
            'systems_affected': 'Microsoft Excel with Copilot integration'},
 'investigation_status': 'Resolved',
 'lessons_learned': 'Highlights the growing risks of AI integration in '
                    'productivity tools',
 'post_incident_analysis': {'corrective_actions': 'Patching, input validation '
                                                  'improvements',
                            'root_causes': 'Excel’s failure to properly '
                                           'neutralize malicious input in '
                                           'web-generated content'},
 'recommendations': 'Apply Microsoft’s March 2026 patches, restrict outbound '
                    'traffic from Office apps, monitor Excel network requests, '
                    'or disable Copilot as temporary mitigations',
 'references': [{'source': 'Microsoft Patch Tuesday March 2026'}],
 'response': {'containment_measures': 'Patching, restricting outbound traffic '
                                      'from Office apps, monitoring Excel '
                                      'network requests, disabling Copilot',
              'enhanced_monitoring': 'Monitoring Excel network requests',
              'remediation_measures': 'Microsoft released patches for '
                                      'CVE-2026-26144 and 82 other '
                                      'vulnerabilities'},
 'title': 'Microsoft Patches 83 Flaws in March 2026 Update, Including '
          'Zero-Click Excel AI Exploit',
 'type': 'Vulnerability',
 'vulnerability_exploited': 'CVE-2026-26144'}