Microsoft patches two publicly disclosed zero-days in March security update

March 22, 2026 | 2 min read | 2 sources

Microsoft’s March Patch Tuesday fixed 79 vulnerabilities, including two zero-days that were publicly disclosed before patches were available. The two most closely watched flaws were CVE-2024-21412, a Windows SmartScreen security feature bypass, and CVE-2024-26198, an elevation-of-privilege bug in Microsoft Office.

CVE-2024-21412 affects SmartScreen, the Windows protection that warns users before they open files or applications considered risky. A bypass of that feature makes phishing-delivered malware more likely to run without the warning prompts users would normally see. CVE-2024-26198 affects Microsoft Office and is notable because Office remains a common entry point in email-based attacks. Public reporting tied the issue to internet shortcut and file-handling behavior, and Microsoft indicated it had been exploited in the wild.

The immediate concern for defenders is timing. Once technical details of a flaw are public, attackers can work from the same information as security teams, shortening the window for safe testing and staged rollout. That is especially relevant here because the two bugs touch components widely used in phishing chains: Windows file warnings and Office document handling.

Beyond the zero-days, Microsoft’s March release also included several high-severity remote code execution issues across Windows and related products. But the publicly disclosed flaws are likely to get priority in many patch queues because they were already exposed before fixes shipped.

Organizations should move quickly to deploy the updates, particularly on user-facing Windows systems and endpoints where staff routinely open email attachments, downloaded files, or shortcut links. Security teams may also want to review attachment filtering, endpoint protection policies, SmartScreen enforcement, and user guidance around suspicious files and links. For remote users connecting over public networks, layered protections such as a VPN can help reduce exposure, though patching remains the main fix.
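One way to act on the SmartScreen enforcement and patch-status review suggested above, as an added example that is not code from the article or its sources: a PowerShell check, run elevated on a Windows endpoint, that reads the SmartScreen policy and Explorer settings and tests whether a given update is installed. The KB identifier is a placeholder, since the article does not give the update's KB number; the registry paths and value names are the documented SmartScreen policy locations.

```powershell
# Added example: audit SmartScreen enforcement and patch presence on one endpoint.
# Run in an elevated PowerShell session. The KB number is a placeholder: substitute
# the identifier of the March update for this build from the Security Update Guide.
function Test-SmartScreenEnforcement {
    param([string]$KbId = 'KB0000000')  # placeholder, not a real update identifier

    $findings = [ordered]@{}

    # Policy-managed setting (written by the "Configure Windows Defender SmartScreen" GPO).
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
    $policy = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
    $findings['PolicyEnabled'] = ($policy.EnableSmartScreen -eq 1)
    $findings['PolicyLevel']   = if ($policy.ShellSmartScreenLevel) { $policy.ShellSmartScreenLevel } else { '(not set)' }

    # Per-machine Explorer setting, which applies when no policy is in force.
    $explorerKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer'
    $explorer = Get-ItemProperty -Path $explorerKey -ErrorAction SilentlyContinue
    $findings['ExplorerSetting'] = if ($explorer.SmartScreenEnabled) { $explorer.SmartScreenEnabled } else { '(not set)' }

    # Treat SmartScreen as enforced when policy turns it on, or when the Explorer
    # setting is present and not Off and no policy explicitly disables it.
    $findings['Enforced'] = ($findings['PolicyEnabled'] -or
        ($findings['ExplorerSetting'] -ne 'Off' -and
         $findings['ExplorerSetting'] -ne '(not set)' -and
         $policy.EnableSmartScreen -ne 0))

    # Patch presence. A SmartScreen bypass defeats the warning even where it is
    # enforced, so an enforced-but-unpatched host is still the one to fix first.
    $findings['UpdateInstalled'] = [bool](Get-HotFix -Id $KbId -ErrorAction SilentlyContinue)

    if (-not $findings['Enforced']) {
        $findings['Assessment'] = 'SmartScreen not enforced: enable the policy and patch'
    } elseif (-not $findings['UpdateInstalled']) {
        $findings['Assessment'] = 'SmartScreen enforced but update missing: patch first'
    } else {
        $findings['Assessment'] = 'SmartScreen enforced and update present'
    }
    [pscustomobject]$findings
}

Test-SmartScreenEnforcement | Format-List
```

Run it across a fleet through your management tooling and sort on the Assessment field to find hosts where the bypassed control is the only thing standing between a user and a malicious download.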

Microsoft’s Security Update Guide lists the affected CVEs and exploit status, while industry coverage has highlighted the increased risk that comes with pre-patch disclosure.
