Full Report
Microsoft has released Windows 11 KB5079473 and KB5078883 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. [...]
Analysis Summary
# Vulnerability: Windows 11 March 2026 Cumulative Security Updates
## CVE Details
* **CVE ID:** Not specifically enumerated in provided text (referencing "March 2026 Patch Tuesday" security patches).
* **CVSS Score:** Variable by specific flaw (Refer to Microsoft Security Update Guide for individual CVE scores).
* **CWE:** Multiple (Includes fixes for Secure Boot, Windows Defender Application Control (WDAC), and system-level bugs).
## Affected Systems
* **Products:** Windows 11
* **Versions:**
* Windows 11 Version 25H2
* Windows 11 Version 24H2
* Windows 11 Version 23H2
* **Configurations:**
* Devices utilizing Secure Boot.
* Systems utilizing Windows Defender Application Control (WDAC).
* Domain-joined vs. non-domain-joined Pro/Home devices (regarding Quick Machine Recovery).
## Vulnerability Description
While the article focuses on feature parity and bug fixes, it addresses core security infrastructure:
* **Secure Boot:** Updates resolve issues with the distribution of Secure Boot certificates, ensuring devices can receive and process new certificates to maintain boot-chain integrity.
* **WDAC:** Addresses a flaw in how Windows Defender Application Control handles COM objects, which previously impacted the enforcement of listing policies.
* **System Stability:** Fixes to File Explorer, Win32 Apps, and the Printing service (spoolsv.exe) address memory/performance reliability issues that could potentially be leveraged in stability-related exploits.
## Exploitation
* **Status:** Not explicitly reported as "exploited in the wild" in this summary; however, these are mandatory security patches.
* **Complexity:** Medium (typical for OS-level kernel and bootloader vulnerabilities).
* **Attack Vector:** Primary vectors usually include **Local** (for privilege escalation) or **Network** (via remote services like Printing or RPC).
## Impact
* **Confidentiality:** High (Potential for unauthorized access via security feature bypass).
* **Integrity:** High (Secure Boot and WDAC fixes protect system integrity).
* **Availability:** Medium (Fixes for spoolsv.exe and display sleep issues address stability/DoS risks).
## Remediation
### Patches
* **Windows 11 25H2 / 24H2:** Update **KB5079473** (Builds 26200.8037 / 26100.8037)
* **Windows 11 23H2:** Update **KB5078883** (Build 22631.6783)
### Workarounds
* No specific workarounds provided; Microsoft recommends immediate installation as these are mandatory security updates.
## Detection
* **Indicators of Compromise:** Monitor for failed Secure Boot integrity checks or unauthorized COM object execution in WDAC logs.
* **Detection methods and tools:**
* **Native Sysmon:** This update introduces native System Monitor (Sysmon) functionality to Windows 11, which can be configured to capture and log system events for threat detection.
* **Settings Search:** Verify patch status via **Settings > Windows Update > Update History**.
## References
* Microsoft Update Catalog: [https://www.catalog.update.microsoft.com/Search.aspx?q=windows%2011]
* Microsoft Support (25H2): [http://support.microsoft.com/en-us/help/5079473]
* Microsoft Support (23H2): [https://support.microsoft.com/help/5078883]
* Microsoft Tech Community (Native Sysmon): [https://techcommunity.microsoft.com/blog/Windows-ITPro-blog/native-sysmon-functionality-coming-to-windows/4468112]