Get ready for a thrilling dive into the world of cybersecurity! Today, we're uncovering the critical updates Microsoft has released for its February 2026 Patch Tuesday. Brace yourself, as this is where things get controversial and exciting!
Microsoft's latest security updates address a whopping 58 flaws, including 6 zero-day vulnerabilities that were actively exploited. But here's the twist: three of these zero-days were also publicly disclosed, which is a rare and concerning scenario.
Five of the vulnerabilities are classified as 'Critical': 3 are elevation of privilege flaws and 2 are information disclosure issues. The number of bugs in each category is as follows:
- 25 Elevation of Privilege vulnerabilities
- 5 Security Feature Bypass vulnerabilities
- 12 Remote Code Execution vulnerabilities
- 6 Information Disclosure vulnerabilities
- 3 Denial of Service vulnerabilities
- 7 Spoofing vulnerabilities
Now, here's a curious detail: these counts cover only the updates Microsoft released today. They exclude 3 Microsoft Edge flaws that were fixed earlier this month.
In addition to these updates, Microsoft is also rolling out new Secure Boot certificates to replace the original 2011 certificates, which are set to expire in late June 2026. The rollout is phased to make it safer: devices will only receive the new certificates after showing sufficient successful update signals.
Let's dive deeper into the actively exploited zero-days:
- CVE-2026-21510: A Windows Shell Security Feature Bypass Vulnerability. Microsoft has patched this flaw, which could be triggered by opening a specially crafted link or shortcut file. The attacker would need to convince a user to open a malicious link; successful exploitation bypasses Windows SmartScreen and security prompts.
- CVE-2026-21513: An MSHTML Framework Security Feature Bypass Vulnerability in Windows. Microsoft has provided a fix, but the details on how this was exploited remain unclear.
- CVE-2026-21514: A Microsoft Word Security Feature Bypass Vulnerability. An attacker could exploit this by sending a malicious Office file and convincing the user to open it. Microsoft states that this flaw cannot be exploited in the Office Preview Pane.
- CVE-2026-21519: A Desktop Window Manager Elevation of Privilege Vulnerability. An attacker who successfully exploits this could gain SYSTEM privileges.
- CVE-2026-21525: A Windows Remote Access Connection Manager Denial of Service Vulnerability. Microsoft has fixed this flaw, but no details have been shared on why or how it was exploited.
- CVE-2026-21533: A Windows Remote Desktop Services Elevation of Privilege Vulnerability. Improper privilege management allows an authorized attacker to elevate privileges locally.
It's worth noting that CVE-2026-21513, CVE-2026-21510, and CVE-2026-21514 were publicly disclosed.
Other companies have also released updates and advisories this month. Adobe, BeyondTrust, CISA, Cisco, Fortinet, Google, n8n, and SAP are among those who have addressed security concerns in their respective software and services.
Additionally, Microsoft has started rolling out built-in Sysmon functionality in Windows 11 Insider builds, which is a useful feature for Windows admins.
The complete list of resolved vulnerabilities in the February 2026 Patch Tuesday updates can be found in the full report. Each vulnerability's description and the systems it affects are detailed there.
So, what do you think about these critical updates and the potential risks they address? Are there any specific vulnerabilities that concern you the most? Feel free to share your thoughts and insights in the comments below! We'd love to hear your expert opinions on these matters.