Welcome to my March 2026 Patch Monday newsletter.
It was a fairly standard month for Adobe and Mozilla. Adobe's most important update is for Adobe Commerce with a "Priority 2" rating. Adobe recommends you update this within 30 days. The rest of their patches for the month are "Priority 3" and should be updated at your admin's discretion.
Google had a very busy 30 days. There were 6 version updates over the past 30 days totaling 67 patched CVE's with two zero days; CVE-2026-3909 and CVE-2026-3910. Of the 67 updates, 7 are rated "Critical" and 41 rated "High". So, I highly suggest you get those Chrome sessions relaunched and updated to the latest version.
Apple released an interesting update on March 11th for some limited support and legacy support devices. On December 11, 2023, the Coruna exploit was shipped with various versions of iOS and iPadOS. These March 11th updates now fix the Coruna exploit for devices that cannot update to the latest iOS versions.
For Zoom we have four updates available this month. You'll want give attention to CVE-2026-30903. This escalation of privilege vulnerability affects Workplace for Windows before version 6.6.0 and Workplace VDI Client for Windows before versions 6.4.17, 6.5.15 and 6.6.10 in their respective branches. This vulnerability has a CVSS score of 9.6 and is rated "Critical". So, you will want to make sure that gets updated ASAP.
Besides these it was a fairly normal month for 3rd party patching. If there are any additional products you would like to see in the chart below, please let me know.
Be sure to browse the chart below and happy patching!
|
|
So, without further ado, here’s the chart of non-Microsoft 3rd party patches that affect Windows platforms in the past month.
|
Patch data provided by: |
|||||
|
Identifier |
Vendor/ |
Affected Versions |
Date Released |
Vulnerability Info |
Vender Severity / Our Recommendation |
|
Adobe Acrobat Reader |
Reader DC and DC Continuous 25.001.21265 and earlier |
3/10/2026 |
Arbitrary Code Execution, Privilege Escalation |
Critical Priority 3: Update at admins discretion |
|
|
Adobe Commerce |
Commerce & Magento Open Source |
3/10/2026 |
Arbitrary Code Execution, Privilege Escalation, Security Feature Bypass |
Critical Priority 2: Update within 30 days |
|
|
Adobe DNG SDK |
1.7.1 build 2471 and earlier |
3/10/2026 |
Application Denial of Service, Arbitrary Code Execution |
Critical Priority 3: Update at admins discretion |
|
|
Adobe Experience Manager |
Cloud Service (CS) |
3/10/2026 |
Arbitrary Code Execution |
Important Priority 3: Update at admins discretion |
|
|
Adobe Illustrator |
2025 29.8.4 and earlier |
3/10/2026 |
Arbitrary Code Execution, Memory Exposure |
Critical Priority 3: Update at admins discretion |
|
|
Adobe Premiere Pro |
25.5 and earlier |
3/10/2026 |
Arbitrary Code Execution |
Critical Priority 3: Update at admins discretion |
|
|
Adobe Substance 3D Painter |
11.1.2 and earlier |
3/10/2026 |
Application Denial of Service, Memory Exposure |
Important Priority 3: Update at admins discretion |
|
|
Adobe Substance 3D Stager |
3.1.7 and earlier |
3/10/2026 |
Arbitrary Code Execution |
Critical Priority 3: Update at admins discretion |
|
|
Apple iOS and iPadOS |
16.7.15 |
3/11/2026 |
Memory Corruption |
Update after testing |
|
|
Apple iOS and iPadOS |
15.8.7 |
3/11/2026 |
Memory Corruption, Type Confusion, Use After Free |
Update after testing |
|
|
Apple |
iOS, iPadOS, macOS 26.3.1(a) |
3/17/2026 |
Cross Origin Issue |
Update after testing |
|
|
Google |
Before 146.0.7680.164/165 (Windows/Mac) |
3/23/2026 |
Heap Buffer Overflow, Inappropriate Implementation, Incorrect Security UI, Insufficient Policy, Insufficient Validation, Integer Overflow, Object Lifecycle Issue, Out of Bounds Write/Read, Side Channel Leak, Stack Buffer Overflow, Type Confusion, Unsafe Navigation, Use After Free |
Update as soon as possible | |
|
Mozilla Thunderbird |
Before 148 |
2/24/2026 |
Arbitrary Code Execution, Incorrect Boundary, Information Disclosure, Integer Overflow, Invalid Pointer, JIT Miscompilation, Mitigation Bypass, Privilege Escalation, Race Condition, Sandbox Escape, Spoofing, Undefined Behavior, Use After Free |
Update after testing |
|
|
Mozilla Firefox |
Before 148.0.2 |
3/10/2026 |
Arbitrary Code Execution, Heap Buffer Overflow, Incorrect Boundary, Information Disclosure, Integer Overflow, Invalid Pointer, JIT Miscompilation, Mitigation Bypass, Policy Bypass, Privilege Escalation, Race Condition, Sandbox Escape, Spoofing, Use After Free |
Update after testing |
|
|
Mozilla Firefox ESR |
Before 140.8 |
2/24/2026 |
Arbitrary Code Execution, Incorrect Boundary, Information Disclosure, Integer Overflow, Invalid Pointer, JIT Miscompilation, Mitigation Bypass, Privilege Escalation, Sandbox Escape, Use After Free |
Update after testing |
|
|
Mozilla Focus for iOS |
Before 148.2 |
3/2/2026 |
Spoofing |
Update after testing |
|
|
Zoom Workplace Clients for Windows |
Before 6.6.11 in the 6.6.x branch |
3/10/2026 |
Privilege Escalation |
Update after testing |
|
|
Zoom Rooms for Windows |
Before 6.6.5 |
3/10/2026 |
Privilege Escalation |
Update after testing |
|
|
Zoom Clients for Windows |
Before 6.6.0 |
3/10/2026 |
Privilege Escalation |
Update after testing |
|
|
Zoom Workplace for Windows |
Before 6.6.0 |
3/10/2026 |
Privilege Escalation |
Update as soon as possible |
|
Thanks as always for reading and best wishes on security,
Randy Franklin Smith
Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2026 Monterey Technology Group, All rights reserved. You may forward this email in its entirety but all other rights reserved.
9450 SW Gemini Drive #53822, Beaverton, OR 97008
Note: We do our best to provide quality information and expert commentary but use all information at your own risk.