Threat Report 3/24/26

Critical Security Update: Microsoft Patches Released

Microsoft has issued a series of critical security patches addressing multiple vulnerabilities across its ecosystem. The most severe flaw could allow an attacker to execute code remotely in the context of the logged-in user, potentially giving them the ability to install programs, access or alter data, or create new accounts with full privileges.

The level of impact largely depends on user permissions. Systems where users operate with administrative rights are at significantly higher risk, while environments enforcing limited access controls may reduce potential damage.

Affected Systems

These vulnerabilities impact widely used Microsoft products, including Windows, Microsoft Office, and Microsoft Edge.

Risk Overview

  • Large & Medium Businesses: High Risk
  • Small Businesses: Medium Risk

What You Should Do

  • Apply the latest Microsoft updates and patches immediately
  • Enforce the Principle of Least Privilege to limit unnecessary administrative access

Staying up to date with these patches is essential to maintaining a secure environment.


Critical Security Alert: Google Chrome Vulnerabilities

Multiple vulnerabilities have been identified in Google Chrome, including severe flaws that could allow attackers to execute arbitrary code on affected systems. If successfully exploited, an attacker could gain access in the context of the logged-in user—potentially enabling them to install malicious programs, access or modify sensitive data, or create new accounts with full privileges.

Google has confirmed that active exploits for CVE-2026-3909 and CVE-2026-3910 are already circulating in the wild, increasing the urgency for immediate action. As with many security risks, systems with administrative-level users face significantly higher exposure, while those enforcing restricted permissions may limit potential impact.

Affected Systems

  • Chrome versions prior to 146.0.7680.75/76 (Windows and macOS)
  • Chrome versions prior to 146.0.7680.75 (Linux)

Risk Overview

  • Large & Medium Businesses: High Risk
  • Small Businesses: Medium Risk

What You Should Do

  • Update Google Chrome to the latest version across all devices immediately
  • Enforce the Principle of Least Privilege to minimize unnecessary administrative access

Keeping browsers up to date is a critical first line of defense against emerging threats.

ConnectWise ScreenConnect Vulnerability

A critical vulnerability has been identified in ConnectWise ScreenConnect that could allow threat actors to gain unauthorized access—potentially with elevated privileges—if they obtain access to sensitive server-level cryptographic material used for authentication.

In earlier versions, ScreenConnect stored unique machine keys within server configuration files. Under certain conditions, this could allow attackers to extract these keys and misuse them to authenticate sessions. To address this, ConnectWise has released version 26.1, which introduces enhanced protections, including encrypted storage and improved management of cryptographic keys—significantly reducing the risk of exploitation.

Affected Systems

  • ScreenConnect versions prior to 26.1
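Both the Chrome and the ScreenConnect advisories above reduce to the same check: is the installed build strictly older than the first fixed build? The script below is an added example written for this report, not code from Google or ConnectWise. It assumes the "146.0.7680.75/76" notation means that both .75 and .76 are fixed builds, so the lower number is used as the threshold, and it runs against a small constructed inventory (hostnames and installed versions are made up). Versions are compared numerically component by component, so 26.10 ranks above 26.9 and 26.1 equals 26.1.0, and a garbled inventory value raises instead of silently passing as patched.

```python
"""Compare installed versions with the minimum fixed versions named in the
report (added example; not vendor code)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Minimum fixed versions stated in the report. "146.0.7680.75/76" for Chrome
# on Windows/macOS is read here as "both .75 and .76 are fixed builds", so the
# lower build number is the threshold (assumption made for this example).
FIXED_VERSIONS: dict[tuple[str, str], str] = {
    ("chrome", "windows"): "146.0.7680.75",
    ("chrome", "macos"): "146.0.7680.75",
    ("chrome", "linux"): "146.0.7680.75",
    ("screenconnect", "any"): "26.1",
}

_VERSION_RE = re.compile(r"^\d+(\.\d+)*$")


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '146.0.7680.75' into (146, 0, 7680, 75).

    Surrounding whitespace and a leading 'v' are tolerated; anything else
    raises ValueError so a garbled inventory value never compares as patched.
    """
    cleaned = text.strip().lstrip("vV")
    if not _VERSION_RE.match(cleaned):
        raise ValueError(f"unparseable version string: {text!r}")
    return tuple(int(part) for part in cleaned.split("."))


def is_before(installed: str, fixed: str) -> bool:
    """True when `installed` is strictly older than `fixed`.

    Components compare numerically (26.10 > 26.9); shorter tuples are padded
    with zeros (26.1 == 26.1.0).
    """
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


@dataclass(frozen=True)
class Finding:
    host: str
    product: str
    platform: str
    installed: str
    fixed: str
    vulnerable: bool


def assess(host: str, product: str, platform: str, installed: str) -> Finding:
    """Look up the fixed version for product/platform and compare."""
    key = (product.lower(), platform.lower())
    if key not in FIXED_VERSIONS:
        key = (product.lower(), "any")
    if key not in FIXED_VERSIONS:
        raise KeyError(f"no fixed version known for {product}/{platform}")
    fixed = FIXED_VERSIONS[key]
    return Finding(host, product, platform, installed, fixed,
                   is_before(installed, fixed))


# Constructed sample inventory: hostnames and installed versions are made up.
SAMPLE_INVENTORY = [
    ("ws-01", "chrome", "windows", "146.0.7680.75"),    # fixed build
    ("ws-02", "chrome", "windows", "146.0.7680.59"),    # older -> vulnerable
    ("mac-07", "chrome", "macos", "145.0.7632.110"),    # older major -> vulnerable
    ("lnx-03", "chrome", "linux", "146.0.7680.76"),     # newer -> fixed
    ("rmm-01", "screenconnect", "any", "25.9.4"),       # prior to 26.1 -> vulnerable
    ("rmm-02", "screenconnect", "any", "26.1"),         # fixed
]


def vulnerable_hosts(inventory=SAMPLE_INVENTORY) -> list[str]:
    """Return the hosts still running a version older than the fix."""
    return [f.host for f in (assess(*row) for row in inventory) if f.vulnerable]


if __name__ == "__main__":
    for row in SAMPLE_INVENTORY:
        f = assess(*row)
        status = "VULNERABLE" if f.vulnerable else "ok"
        print(f"{f.host:8} {f.product:14} {f.platform:8} "
              f"{f.installed:>16} (fix {f.fixed}) {status}")
```

To use it against a real fleet, replace `SAMPLE_INVENTORY` with rows exported from your software inventory or RMM tool; the threshold table is the only part that needs updating when the next advisory lands.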

Risk Overview

  • Organizations using ScreenConnect: High Risk if unpatched

What You Should Do

  • Apply the latest ScreenConnect updates immediately after appropriate testing
  • Ensure any third-party vendors using ScreenConnect are also applying updates
  • Enforce the Principle of Least Privilege to limit unnecessary administrative access

Timely patching and proper access controls are essential to protecting remote access infrastructure from compromise.

Critical SharePoint Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged a critical Microsoft SharePoint vulnerability as actively exploited and added it to its Known Exploited Vulnerabilities (KEV) catalog, according to The Register.

The flaw, CVE-2026-20963, allows an unauthenticated attacker to inject and execute arbitrary code remotely on a SharePoint server—creating a serious risk of full system compromise.

Although Microsoft released a patch in January, the active exploitation of this vulnerability significantly increases the urgency for organizations that have not yet applied updates.

Why This Matters

  • No authentication required for exploitation
  • Enables remote code execution
  • Actively targeted by threat actors

What You Should Do

  • Apply the January Microsoft patch immediately if not already completed
  • Implement mitigations and monitor for any signs of compromise
  • Review access controls and harden SharePoint environments

Urgency

CISA has mandated that federal agencies remediate this vulnerability by Saturday, March 21st. Private sector organizations are strongly encouraged to act immediately to reduce risk.

Delaying remediation of actively exploited vulnerabilities can leave systems exposed—prompt action is critical.

“DarkSword” Exploit Chain Targets iOS Devices

A newly identified exploit chain dubbed “DarkSword” is actively compromising iOS devices through malicious websites, according to recent reports from WIRED and security researchers at iVerify, Lookout, and Google.

This sophisticated attack allows iPhones to be silently infected simply by visiting a compromised site. Researchers attribute recent activity to a suspected Russian espionage group, UNC6353, which has used DarkSword in watering-hole campaigns targeting Ukrainian users.

How It Works

DarkSword is a full exploit chain and infostealer written in JavaScript. It leverages multiple vulnerabilities to escalate privileges and access sensitive data. The attack begins when a user visits a compromised webpage containing a malicious iframe. From there, the exploit:

  • Escapes Safari’s WebContent sandbox
  • Uses WebGPU to inject into system processes
  • Gains kernel-level read/write access
  • Bypasses sandbox restrictions to access restricted files and data

Why This Matters

  • No user interaction required beyond visiting a malicious site
  • Enables deep system access and data exfiltration
  • Exploit code has been exposed publicly, increasing risk of wider use

Affected Systems

  • Devices running iOS 18 or earlier (impacting a significant portion of iPhones)

What You Should Do

  • Update iOS devices to the latest available version immediately
  • Avoid visiting untrusted or suspicious websites
  • Implement mobile threat detection where possible

The exposure of this exploit chain means threat actors beyond its original operators may quickly adopt it—making timely updates and user awareness more critical than ever.
