—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Multiple Vulnerabilities in Microsoft Products

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: Critical

Software Affected

Microsoft ACI Confidential Containers

Microsoft Payment Orchestrator Service

Microsoft Azure Compute Gallery

Microsoft Devices Pricing Program

Overview

Multiple vulnerabilities have been reported in Microsoft Products, which could be exploited by a remote attacker to gain elevated privileges, obtain sensitive information and conduct remote code execution attacks on the targeted system.

Target Audience:

All end-user organizations and individuals using Microsoft products for Desktop and Cloud environments.

Risk Assessment:

High risk of arbitrary code execution, privilege escalation, and sensitive information disclosure.

Impact Assessment:

Potential for exfiltration of data and compromise of system.

Description

Multiple vulnerabilities have been reported in Microsoft Products due to improper access control and insufficient validation of certain operations. A remote attacker could exploit these vulnerabilities by sending specially crafted requests or leveraging authorized access to vulnerable components.

Successful exploitation of these vulnerabilities could allow an attacker to gain elevated privileges, obtain sensitive information and conduct remote code execution attacks on the targeted system.

Solution

Apply appropriate updates as mentioned as mentioned by the Vendor:  

https://msrc.microsoft.com/update-guide/releaseNote/2026-Mar

Vendor Information

Microsoft

https://msrc.microsoft.com/update-guide/

References

 

https://msrc.microsoft.com/update-guide/releaseNote/2026-Mar

CVE Name

CVE-2026-26122

CVE-2026-26125

CVE-2026-26124

CVE-2026-21536

CVE-2026-23651

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmmwGUUACgkQ3jCgcSdc

ys8QZg//YQ+sJ+ZbdB6fDcIq2EmD0eN+OTNp/UFQzrjkuBGpNXmj+jyGXdzBCa7v

4amSoUW/xWSW5PDWofmJdePBobES31PqcrYl82XJZNv1WiLInP+D6AoeDZQDCM7H

s0AGV+hicqr+6V7qrjvOCuWZ3pqpvQSIZzvT30sggZczmeqnq6S8d0h1LOFrbJhP

I9on/B3nN0oy+0lHyAvtzq/XiHz6Bh78QLoaVFi7iJGOV/MpHrGNZ14f7H9MQn2A

Ojbw3qbOErCaIMn/JGsjaqjvlQn0ua9F7TE0EwOFQHF3CObuMLmUk0a7BqhyjBBx

66rKKqcpQq/LqOX7Y428K7P+3a31vYksbdGC/4eINBBziNWZA7F1UkMk43tynoIY

P8iKuaqcL1P14B98fqaAvpb1ZNrgg0+7ChhmKC985evIVvYI9KGRBf7NH5SJnLvO

PqUzhUbjbIo38n1va3ZcTfzBLiWihI+5JLZpBfGh1AOQmB3J9ypkgy5W4PaCSJlv

XZJMTQxVdgeWGiQptGNuOHlOa72wqN+BJjx4y1RBH/oAlbDpUOR8cK6iGmoMZKtx

UE7SVFjPT+iH2+3lzYNoFRABQyp1LTs6CaR5wMUV5H3ZbiT64C1LQvL7xpi6Y+Uq

M7cUdFmowfnhmkF2gvCjLa+eix8C3LOePgSgexuMwASmfNKseYI=

=MhLh

—–END PGP SIGNATURE—–