Microsoft Patches 79 Flaws, Introduces Passkey Sign-ins, and Warns of Critical HPE Vulnerability

What Happened

Microsoft has released its March 2026 Patch Tuesday security updates, addressing a total of 79 vulnerabilities, including two publicly disclosed zero-day flaws. The patches also include fixes for three "Critical" vulnerabilities, two of which are remote code execution flaws and the other is an information disclosure flaw. Additionally, Microsoft has introduced passkey support for Windows devices via Microsoft Entra, enabling phishing-resistant passwordless authentication.

Why It Matters

The security updates are crucial as they fix vulnerabilities that could be exploited by attackers to gain unauthorized access to systems. The two zero-day flaws, in particular, are significant as they are being actively exploited by attackers. The introduction of passkey support for Windows devices is also important as it provides an additional layer of security and convenience for users.

Key Numbers

• 79: Total number of vulnerabilities fixed by Microsoft's March 2026 Patch Tuesday security updates
• 2: Number of publicly disclosed zero-day flaws fixed by the updates
• 3: Number of "Critical" vulnerabilities fixed by the updates
• 24H2: Version of Windows 11 that receives the same updates as 25H2

Key Facts

• Who: Microsoft
• What: Released March 2026 Patch Tuesday security updates and introduced passkey support for Windows devices
• When: March 2026
• Where: Worldwide
• Impact: Fixes 79 vulnerabilities, including two zero-day flaws, and introduces phishing-resistant passwordless authentication

What Experts Say

> "The introduction of passkey support for Windows devices is a significant step forward in providing phishing-resistant authentication. This will help to reduce the risk of password-related attacks and provide users with a more convenient and secure way to access their devices." — Microsoft spokesperson

HPE Warns of Critical AOS-CX Flaw

Hewlett Packard Enterprise (HPE) has warned of a critical authentication bypass vulnerability in its Aruba Networking AOS-CX operating system. The vulnerability, tracked as CVE-2026-23813, could allow attackers to reset admin passwords and gain unauthorized access to systems.

What Comes Next

Microsoft will continue to release security updates and patches to address emerging vulnerabilities. The introduction of passkey support for Windows devices is expected to provide an additional layer of security and convenience for users. HPE will also continue to monitor and address vulnerabilities in its products, including the AOS-CX operating system.