All posts

March 2026 Windows Update — Why You Should Install It Now

4 min read

Take a second. Think about what's on your PC. Banking details, family photos, a decade of emails, work documents, saved passwords. Now think about what it would mean if someone else had full access to all of that without you noticing.

That's what this month's Patch Tuesday prevents. Microsoft released fixes for over 80 flaws on 10 March, including two that attackers are actively using against unpatched Windows PCs right now. If yours hasn't updated yet, today is the day.

A quick word on zero-days

"Zero-day" sounds like jargon, but the idea is simple. A zero-day is a security flaw that criminals found before the software's developer did. By the time Microsoft hears about it, it's already being used in real attacks. The name refers to the number of days the developer had to fix it before it went live. Zero.

That matters because there are no theoretical risks here. There are known working attacks for these flaws, happening now, on Windows PCs that haven't applied this update. Every day you wait is another day those attacks work on yours.

This month by the numbers

81 vulnerabilities patched

Critical
14
14
High
34
34
Medium
26
26
Low
7
7

14 critical vulnerabilities is a lot for a single month. These are the kind of flaws that can give an attacker full control of your PC remotely, with little or no interaction required from you.

The Worst Ones

2 zero-days, actively exploited

Print spooler remote code execution. A flaw in the Windows print system that lets an attacker run code on your PC. Similar to the infamous PrintNightmare bug from 2021. If your PC has a network printer configured (and most do), you're potentially vulnerable.
Office preview pane attack. An attacker sends you a specially crafted document (Word, Excel, or Rich Text). You don't even have to open it: just viewing it in the preview pane in Outlook or File Explorer is enough to get compromised. This is the scarier of the two because it requires almost no interaction from the victim.

Beyond the zero-days, there are also several privilege escalation bugs. These let an attacker who's already on your system (even with limited access) promote themselves to full administrator. Combined with the vulnerabilities above, this means an attacker could get in through a dodgy email attachment, then take complete control of your machine.

To put it simply: someone could take over your PC through an email attachment you don't even open, just preview. That's why this update matters.

How to Install It

  1. Open Settings (press Windows key + I)
  2. Click Windows Update (in Windows 11) or Update & Security (in Windows 10)
  3. Click Check for updates
  4. Let it download and install, which may take 10–30 minutes depending on your PC speed and internet connection
  5. Restart when prompted. The updates don't take effect until you restart. Don't just leave the "restart pending" notification sitting there for days
Pro tip: If you want to restart at a convenient time rather than immediately, go to Windows Update → Advanced options → Active hours. Set your working hours and Windows will only restart outside them.

What If Updates Are Failing?

If Windows Update is stuck, giving you error codes, or failing to install, that's a problem in itself, and one I see regularly. Common causes include low disk space, corrupted update files, or clashing software. Have a look at my post on common PC problems for troubleshooting steps, or how to speed up a slow Windows 11 PC if lack of disk space is the issue.

Don't just ignore failed updates. A PC that can't update is a PC that can't protect itself.

Windows 10 Got Patches Too

Even though Windows 10 reached end of support in October 2025, it received 48 security fixes this month, but only if you've activated the free Extended Security Updates (ESU). If you're still on Windows 10 and haven't set up ESU, you're not getting these patches at all, and every month that gap grows wider.

If you're still on Windows 10, read my Windows 10 end of life guide for your options. The free ESU is available until October 2026, but after that you're completely on your own.

Why This Matters Even If You "Don't Click Dodgy Links"

I hear this all the time: "I'm careful online, I don't need to worry about updates." But the preview pane vulnerability in this month's patch shows exactly why that's wrong. You don't have to click anything. You don't have to open anything. You just have to receive an email and glance at it.

Good security habits are important, and having solid antivirus protection matters, but they're not a substitute for keeping your operating system patched. The updates fix the holes that attackers use to get in. Without them, it doesn't matter how careful you are.

For the full technical details, Bleeping Computer's write-up covers every CVE, and Krebs on Security has analysis of the most critical flaws.

Windows update keyboard
Mark — Your Local Computer Guy
Mark

Mark has been fixing computers since the late '90s and went self-employed in 2008. Based in St Helens since 2013, he works evenings and weekends from his home in Laffak — friendly, affordable repairs for PCs, laptops, and Macs. See reviews on Google

Updates stuck or something not right?

If Windows Update is failing, your PC is running slowly after updating, or you're just not sure if you're protected, get in touch and bring it in.

WhatsApp Me Call 07428 101010