Microsoft Patch Tuesday security updates for February 2026 fix six actively exploited zero-day vulnerabilities.
Microsoft Patch Tuesday security updates for February 2026 fix 58 new security flaws across Windows, Office, Azure, Edge, Exchange, Hyper-V, WSL, and other components, rising to 62 CVEs when third-party updates are included. Five vulnerabilities are Critical, two Moderate, and most are rated Important. What stands out is that six flaws addressed this month are actively exploited in the wild, three of them publicly known.
Below are the six zero-day vulnerabilities addressed by the IT giant:
- CVE-2026-21510 (CVSS score of 7.5 – High)
  A Windows SmartScreen and Shell prompt bypass that allows attackers to evade security warnings by tricking users into opening a crafted malicious link or shortcut file.
- CVE-2026-21513 (CVSS score of 8.8 – High)
  An Internet Explorer security control bypass that can lead to code execution when a victim opens a malicious HTML page or LNK file.
- CVE-2026-21514 (CVSS score of 8.1 – High)
  A Microsoft 365 and Office flaw that bypasses OLE security mitigations, enabling malicious activity when a specially crafted Office document is opened.
- CVE-2026-21519 (CVSS score of 7.8 – High)
  A Windows Desktop Window Manager vulnerability that enables local privilege escalation and elevated system access.
- CVE-2026-21525 (CVSS score of 6.5 – Medium)
  A Windows Remote Access Connection Manager bug that can be abused by a local attacker to cause a denial-of-service condition.
- CVE-2026-21533 (CVSS score of 8.8 – High)
  A Windows Remote Desktop Services vulnerability that allows attackers to escalate privileges to SYSTEM.
Microsoft labeled CVE-2026-21510, CVE-2026-21514 and CVE-2026-21513 as “publicly disclosed”.
Microsoft credited Google Threat Intelligence Group, its internal security teams, and an anonymous researcher for discovering CVE-2026-21510 and CVE-2026-21514, while Microsoft and GTIG reported the vulnerability CVE-2026-21513.
The full list of CVEs addressed by the Microsoft Patch Tuesday security update for February 2026 is available here.
Pierluigi Paganini
(SecurityAffairs – hacking, Patch Tuesday)
