Microsoft has identified CVE-2026-0391 as a critical security vulnerability requiring immediate patching across affected systems.
Microsoft has issued an urgent security advisory regarding CVE-2026-0391, a critical vulnerability that poses significant risk to enterprise systems. The vulnerability affects multiple Microsoft products and services, with CVSS scores indicating high severity.
The Security Update Guide details specific affected versions and provides step-by-step mitigation procedures. Organizations are advised to prioritize patching based on their exposure level and system criticality.
Affected Products
- Windows Server versions 2019 through 2025
- Microsoft Exchange Server 2019 and 2025
- Azure Active Directory integration services
- Microsoft 365 Enterprise applications
CVSS Metrics
- Base Score: 9.8 (Critical)
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
Immediate Actions Required
- Review the Security Update Guide for specific patch requirements
- Test patches in non-production environments first
- Schedule deployment during maintenance windows
- Monitor systems for unusual activity post-patch
Timeline
- Vulnerability disclosed: March 15, 2026
- Initial patches released: March 16, 2026
- Full remediation deadline: April 15, 2026
Microsoft recommends organizations implement the security updates within 30 days to maintain compliance with security best practices and avoid potential exploitation.
Comments
Please log in or register to join the discussion