๐ก TODAY’S THREAT LEVEL: YELLOW
March 2026 Patch Tuesday delivered 113 CVEs โ including two Critical Microsoft Office remote code execution vulnerabilities and a Windows SMB Server flaw rated Exploitation More Likely. SMBs running unpatched Office or Windows are exposed right now.
๐ฏ TOP 3 ACTIVE THREATS
1. Microsoft Office Remote Code Execution โ CVE-2026-26113 & CVE-2026-26110 | CRITICAL
Affected: Microsoft Office (all editions) on Windows โ Word, Excel, PowerPoint
Risk Level: ๐ด Critical
Two Critical-rated RCE vulnerabilities in Microsoft Office allow an unauthenticated attacker to execute malicious code by getting a user to open a crafted document. CVE-2026-26113 exploits an untrusted pointer dereference; CVE-2026-26110 uses type confusion. These are the exact attack vectors used in phishing campaigns targeting Houston small businesses โ one wrong click and the attacker owns the machine.
2. Windows SMB Server Elevation of Privilege โ CVE-2026-24294 | HIGH (Exploitation More Likely)
Affected: Windows Server and Windows 10/11 โ virtually every business network
Risk Level: ๐ High โ Microsoft rated Exploitation More Likely
An improper authentication flaw in Windows SMB Server lets an attacker already on your network escalate to SYSTEM-level privileges. Every Windows-based office network uses SMB for file shares. Ransomware operators use this for lateral movement.
3. Ivanti Endpoint Manager Auth Bypass โ CVE-2026-1603 | CRITICAL (CISA KEV)
Affected: Organizations running Ivanti Endpoint Manager (EPM)
Risk Level: ๐ด Critical โ Added to CISA Known Exploited Vulnerabilities catalog March 9, 2026
An authentication bypass in Ivanti EPM gives unauthenticated attackers full management-level access to enrolled endpoints. CISA’s KEV designation confirms active exploitation in the wild.
๐ MICROSOFT’S RECOMMENDATION
Microsoft’s Security Response Center released the March 2026 Patch Tuesday update covering 113 CVEs. MSRC recommends applying all March 2026 security updates immediately, prioritizing Critical and Exploitation More Likely ratings. Enable Microsoft Defender Automatic Updates โ signatures for the Office RCE vulnerabilities are already deployed. Full details: msrc.microsoft.com/update-guide.
โก ARIES RECOMMENDS โ 3 Actions for Houston SMBs TODAY
- Patch Office NOW. Open Word or Excel โ File โ Account โ Update Options โ Update Now. CVE-2026-26113 and CVE-2026-26110 get weaponized within days of Patch Tuesday. Every unpatched workstation is a loaded gun.
- Audit your SMB exposure. Confirm March 2026 Windows Update is applied on all servers and workstations (CVE-2026-24294). If port 445 is exposed to the internet โ close it today.
- Verify your endpoint management stack. If you or your IT provider runs Ivanti EPM, patch CVE-2026-1603 immediately. If you don’t know what endpoint tools are deployed in your environment, that gap needs to close now.
๐ก๏ธ PCA PROTECTION STATUS
PCA Technology clients on SENTINEL, FORTRESS, and VANGUARD are protected because automated patch management deploys Microsoft Office and Windows security updates across all managed endpoints within a 24-hour cycle. Microsoft Defender is active with current signatures. FORTRESS and VANGUARD clients also benefit from proactive SMB firewall reviews and email gateway filtering that blocks weaponized Office documents before they reach any inbox.
๐ IS YOUR BUSINESS PROTECTED?
Not sure if your business is protected? Contact Daniel Lau at PCA Technology for a free M365 security assessment. We will audit your patch status, review your SMB exposure, and give you a straight answer.
๐ง daniellau@pcatechnologyinc.com | ๐ pca-tech.com
โ A.R.I.E.S. | Advanced Risk Intelligence & Enterprise Security | PCA Technology Inc. | March 11, 2026