Microsoft Patches Two Zero-Days, Browser AI Flaws Surface in March Updates

This newsletter is AI generated and may hallucinate sometimes 😊

Microsoft's March 2026 Patch Tuesday Addresses 93 Vulnerabilities, Including Two Zero-Days

  • Microsoft released its March 2026 Patch Tuesday updates, fixing a total of 93 vulnerabilities across various products, including two publicly disclosed zero-day flaws.
  • Among the patched issues, eight critical vulnerabilities were identified, with several rated as 'more likely' to be exploited, posing immediate risks to systems.
  • Users are urged to apply these security updates promptly to mitigate potential threats from actively exploited and critical vulnerabilities.

Source: The Hacker News | Date: March 11, 2026

Microsoft .NET Zero-Day Vulnerability (CVE-2026-2345) Enables Denial-of-Service Attacks

  • Microsoft addressed CVE-2026-2345, a critical zero-day vulnerability in .NET that could allow attackers to trigger denial-of-service (DoS) conditions on affected systems.
  • This flaw, included in the March 2026 Patch Tuesday, represents a publicly disclosed vulnerability posing a significant risk to applications built on the .NET framework.
  • Immediate patching is recommended for all affected .NET installations to prevent potential service disruptions and maintain application availability.

Source: Cybersecurity News | Date: March 11, 2026

Zero-Click XSS Flaw in Microsoft Excel (CVE-2026-2346) Exploitable via Copilot for Data Theft

  • A zero-click Cross-Site Scripting (XSS) vulnerability in Microsoft Excel, identified as CVE-2026-2346, has been patched; the flaw could enable data theft through interaction with Copilot.
  • This critical flaw allows attackers to execute arbitrary scripts in the context of the user, potentially compromising sensitive data without requiring direct user interaction.
  • Microsoft released a patch for this zero-day vulnerability as part of its March 2026 Patch Tuesday, advising users to update their Excel installations immediately.

Source: Security.nl | Date: March 11, 2026

Researchers Exploit Prompt Injection in Perplexity's Comet AI Browser for Phishing

  • Security researchers demonstrated a prompt injection vulnerability in Perplexity's Comet AI browser, allowing them to engineer a phishing scam within four minutes.
  • The flaw enables manipulation of the AI assistant's responses and actions by injecting malicious instructions, potentially leading to unauthorized data disclosure or credential harvesting.
  • This incident highlights emerging security challenges in AI-powered browser features, emphasizing the need for robust input validation and isolation mechanisms.

Source: The Hacker News | Date: March 12, 2026

Multiple Cross-Site Scripting Vulnerabilities Affect Cisco Contact Center Products

  • Cisco disclosed multiple Cross-Site Scripting (XSS) vulnerabilities across its Contact Center products that could allow an unauthenticated, remote attacker to execute arbitrary script code.
  • These flaws may enable attackers to access sensitive browser-based information, tamper with webpage content, or perform actions on behalf of the user.
  • Cisco has released security advisories with details on affected products and software versions, urging customers to apply available patches to mitigate these risks.

Source: Cisco Security Advisories | Date: March 13, 2026

Cisco Expands Browser Isolation Capabilities for Enhanced Web Control

  • Cisco is enhancing its browser isolation capabilities within the Secure Web Appliance to provide organizations with greater control over web access and mitigate advanced threats.
  • Browser isolation creates a protective barrier between the user's endpoint and untrusted web content, preventing malware delivery and data exfiltration from potentially malicious websites.
  • This feature allows IT administrators to enforce granular security policies, ensuring a secure browsing experience while maintaining productivity.

Source: Cisco Security Blog | Date: March 13, 2026

Google Extends Chrome's AI Experiences to India, New Zealand, and Canada

  • Google is expanding the availability of Chrome's embedded AI features, including "Help me write," tab organization, and custom theme creation, to users in India, New Zealand, and Canada.
  • These AI-powered functionalities aim to enhance user productivity and personalize the browsing experience directly within the Chrome browser.
  • The rollout reflects Google's ongoing integration of generative AI into its flagship browser as it continues to make these features accessible to more users globally.

Source: Google Blog | Date: March 12, 2026

References

  1. Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public Zero-Days - The Hacker News
  2. Microsoft .NET 0-Day Vulnerability Enables Denial-of-Service Attacks - Cybersecurity News
  3. Zero-click XSS-lek in Microsoft Excel maakt datadiefstal via Copilot mogelijk - Security.nl
  4. Researchers Trick Perplexity's Comet AI Browser Into Phishing Scam in Under Four Minutes - The Hacker News
  5. Multiple Cisco Contact Center Products Cross-Site Scripting Vulnerabilities - Cisco Security Advisories
  6. Gain web control with browser isolation - Cisco Security Blog
  7. Expanding Chrome’s AI experiences to India, New Zealand and Canada - Google Blog
