Microsoft Patch Tuesday February 2026 Fixes 54 Flaws, 6 Zero-Days Under Active Exploitation - gbhackers.com

Microsoft Patch Tuesday February 2026 CVE/vulnerabilityCyber Security NewsMicrosoft 3 min.Read Microsoft Patch Tuesday February 2026 Fixes 54 Flaws, 6 Zero-Days Under Active Exploitation By Divya February 11, 2026 Share Facebook Twitter Pinterest WhatsApp Microsoft’s February 2026 Patch Tuesday update has arrived with critical urgency, addressing 54 security vulnerabilities across its ecosystem. This month’s release is particularly severe due to the inclusion of six zero-day vulnerabilities that are currently being exploited in the wild. Security teams are urged to prioritize these updates immediately to prevent system compromise. The Six Actively Exploited Zero-Days The most alarming aspect of this update is the volume of “active exploits”, flaws that attackers were already abusing before Microsoft could release a fix. CVE-2026-21510 (Windows Shell Security Feature Bypass): This vulnerability allows attackers to bypass “Mark of the Web” (MoTW) security warnings, which typically alert users to dangerous files downloaded from the internet. CVE-2026-21519 (Desktop Window Manager Elevation of Privilege): A type confusion flaw in the Desktop Window Manager (DWM) that enables an attacker to gain SYSTEM-level privileges, effectively taking full control of the machine. CVE-2026-21533 (Windows Remote Desktop Services EoP): Improper privilege management in Remote Desktop Services allows authenticated attackers to elevate their permissions to SYSTEM.​ CVE-2026-21513 (MSHTML Platform Security Feature Bypass): This bug in the MSHTML engine allows malicious files (like shortcuts) to bypass security prompts and execute code without the user’s knowledge.​ CVE-2026-21514 (Microsoft Word Security Feature Bypass): Attackers can use malicious Office files to bypass OLE mitigations, a defense mechanism designed to block vulnerable controls.​ CVE-2026-21525 (Windows Remote Access Connection Manager DoS): A null pointer dereference flaw that can be exploited to cause a Denial of Service (DoS), crashing VPN connections for users. Beyond the zero-days, Microsoft update addresses dozens of other flaws. Actively Exploited Zero-Day Vulnerabilities These six flaws are currently being used in attacks. Immediate patching is required. CVE ID Vulnerability Title Severity CVSS CVE-2026-21510 Windows Shell Security Feature Bypass Important 7.8 CVE-2026-21513 MSHTML Platform Security Feature Bypass Important 7.5 CVE-2026-21514 Microsoft Word Security Feature Bypass Important 7.8 CVE-2026-21519 Desktop Window Manager Elevation of Privilege Important 7.8 CVE-2026-21525 Windows Remote Access Connection Manager DoS Important 7.5 CVE-2026-21533 Windows Remote Desktop Services Elevation of Privilege Important 7.8 Critical & Notable Vulnerabilities This table includes other high-risk flaws, particularly those affecting enterprise infrastructure like Exchange and Azure. CVE ID Vulnerability Title Severity Type CVE-2026-21527 Microsoft Exchange Server Spoofing Vulnerability Critical Spoofing / RCE Vector CVE-2026-23655 Azure Container Instances Information Disclosure Critical Information Disclosure CVE-2026-21518 GitHub Copilot / VS Code Remote Code Execution Important RCE / Command Injection CVE-2026-21528 Azure IoT SDK Vulnerability Important Remote Code Execution CVE-2026-21531 Azure SDK Vulnerability Important Remote Code Execution CVE-2026-21222 Windows Kernel Information Disclosure Important Information Disclosure CVE-2026-21249 Windows NTLM Spoofing Vulnerability Moderate Spoofing CVE-2026-21509 Microsoft Office Security Feature Bypass Important Security Feature Bypass Elevation of Privilege (EoP) vulnerabilities dominate the list, accounting for nearly half of the patches. Notable critical fixes include:​ Microsoft Exchange Server (CVE-2026-21527): A remote code execution flaw that remains a high-value target for enterprise attackers.​ Azure Services: Multiple flaws were patched in Azure Data Studio, Azure Arc, and Azure Front Door, highlighting the need to secure cloud-adjacent infrastructure.​ A summary of the 54 flaws fixed in this release, categorized by impact. Vulnerability Type Count Key Risk Elevation of Privilege (EoP) 25 Attackers gaining SYSTEM/Admin rights (e.g., CVE-2026-21519) Remote Code Execution (RCE) 12 Critical server-side flaws (e.g., Exchange, Azure) Spoofing 7 NTLM coercion and identity masking Information Disclosure 6 Leaking memory or sensitive data Security Feature Bypass 5 Evading MoTW (Mark of the Web) or Defender Denial of Service (DoS) 3 Crashing services (e.g., VPN Manager) Given the high number of active exploits, this is a “patch now” event. Administrators should focus first on the six zero-days and the Exchange Server updates. Testing should be conducted quickly to ensure compatibility, but the risk of delay is extreme. Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google Tags cyber security Cyber Security News Vulnerability Divya Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world. Hot this week Infosec- Resources How To Access Dark Web Anonymously and know its Secretive and Mysterious Activities June 4, 2023 1 What is Deep Web The deep web, invisible web, or... SOC Architecture How to Build and Run a Security Operations Center (SOC Guide) – 2023 June 3, 2023 12 Today’s Cyber security operations center (CSOC) should have everything... Cyber Security News Network Penetration Testing Checklist – 2025 March 2, 2025 0 Network penetration testing is a cybersecurity practice that simulates... Cyber Security News Russian Hackers Bypass EDR to Deliver a Weaponized TeamViewer Component October 18, 2023 0 TeamViewer's popularity and remote access capabilities make it an... Checklist Web Server Penetration Testing Checklist – 2026 January 6, 2026 0 Web server pentesting is performed under three significant categories: identity,... Topics AcquisitionAdobeAdwareAIAmazonAmazon AWSAMDAndroidAnti VirusAntimalwareAntispoofingANY RUNApacheAPIAppleAPTArtificial IntelligenceAvastAWSAzureBackdoorBitcoinBluetoothBotnetBrowserBuffer over flowBug BountyBusinessChatbotsChatGPTChecklistChromeCiscoCISOCISO AdvisoryCloudCloud SecurityCloudflareComputer SecurityCourseCPUCross site ScriptingcryptocurrencyCryptocurrency hackCVE/vulnerabilityCyber AdvisoryCyber AICyber AttackCyber Crimecyber securityCyber security CourseCyber Security NewsCyber Security ResourcesDark WebData BreachData GovernanceDDOSDealsDeepSeekDiscordDNSDos AttackDriveDropboxEducationEmailEmail SecurityEthical HackingExploitExploitation ToolsExtratorrentsFACEBOOKFeaturedFirefoxFirefox NewsFirewallForensics ToolsgameGenAIGitHubGitLabGmailGoogleGoogle dorksGovernanceGRCHacking BooksHacksHardware HackingHBOHTMLHTTPIBMIISIncident ResponseInformation GatheringInformation Security RisksInfosec- ResourcesInsider ThreatsInstagramMore cyber security Handala Hackers Exploit RDP and NetBird in Coordinated Wiper Attacks 0 Handala Hack is an Iranian state-linked destructive actor that... Cyber Attack Cyberattack Hits Poland’s Nuclear Research Center 0 Poland's National Centre for Nuclear Research recently experienced a... Cyber Attack CamelClone Uses Public File-Sharing Sites in Government Cyberattacks 0 A new cyber espionage campaign dubbed Operation CamelClone, targeting... AI Betterleaks Launches as Open-Source Tool for Scanning Files, Directories, and Git Repositories 0 Zach Rice, the original creator of the widely popular... Botnet RondoDox Botnet Scales Up, Exploiting 174 Vulnerabilities via Residential IPs 0 RondoDox is a Mirai‑style botnet that has quickly evolved... cyber security MEA Shipment Phishing Scams Surge, Stealing Banking Data in Real Time 0 Every day, billions of people rely on postal and... Android Google Unveils Android 17 Advanced Protection Mode to Stop Malicious Services 0 Google is preparing to launch Android 17, introducing a... Cyber Security News Google Looker Studio Vulnerabilities Allow Attackers to Exfiltrate Data from Google Services 0 Tenable Research recently uncovered “LeakyLooker,” a critical set of... Related Articles Handala Hackers Exploit RDP and NetBird in Coordinated Wiper Attacks cyber security March 16, 2026 Cyberattack Hits Poland’s Nuclear Research Center Cyber Attack March 16, 2026 CamelClone Uses Public File-Sharing Sites in Government Cyberattacks Cyber Attack March 16, 2026 Betterleaks Launches as Open-Source Tool for Scanning Files, Directories, and Git Repositories AI March 16, 2026 RondoDox Botnet Scales Up, Exploiting 174 Vulnerabilities via Residential IPs Botnet March 16, 2026 Recent News Handala Hackers Exploit RDP and NetBird in Coordinated Wiper Attacks Mayura Kathir - March 16, 2026 Cyberattack Hits Poland’s Nuclear Research Center Divya - March 16, 2026 CamelClone Uses Public File-Sharing Sites in Government Cyberattacks Mayura Kathir - March 16, 2026 Betterleaks Launches as Open-Source Tool for Scanning Files, Directories, and Git Repositories Divya - March 16, 2026 RondoDox Botnet Scales Up, Exploiting 174 Vulnerabilities via Residential IPs Mayura Kathir - March 16, 2026 MEA Shipment Phishing Scams Surge, Stealing Banking Data in Real Time Mayura Kathir - March 16, 2026