Microsoft has reinforced its security measures with the February 2026 Patch Tuesday updates, addressing a total of approximately 60 vulnerabilities. Notably, the updates include fixes for six zero-day vulnerabilities that have been actively exploited, marking a significant step in safeguarding its products.
Details of the Zero-Day Vulnerabilities
The identified zero-day vulnerabilities cover a range of Microsoft products. CVE-2026-21510 is a bypass for Windows SmartScreen and Windows Shell security prompts, exploitable via malicious links. CVE-2026-21514 affects Microsoft 365 and Office by allowing OLE mitigation bypass. Internet Explorer is compromised by CVE-2026-21513, which can be exploited through malicious HTML or LNK files.
Further threats include CVE-2026-21519, linked to Windows Desktop Window Manager for privilege escalation, and CVE-2026-21533, which impacts Windows Remote Desktop Services with potential for privilege escalation to System level. Lastly, CVE-2026-21525 presents a local DoS attack risk via Windows Remote Access Connection Manager.
Discovery and Reporting
Microsoft has acknowledged contributions from various security teams in identifying these vulnerabilities. Google Threat Intelligence Group (GTIG) and Microsoft jointly discovered CVE-2026-21510 and CVE-2026-21514, while CVE-2026-21513 was also a collaborative effort. Microsoft researchers found CVE-2026-21519, with CrowdStrike credited for CVE-2026-21533 and Acros Security for CVE-2026-21525.
These discoveries suggest potential exploitation by similar threat actors, possibly linked to campaigns involving commercial spyware vendors and nation-state hackers. Despite minimal public information on active exploits, the vulnerabilities are flagged as ‘publicly disclosed’ in Microsoft’s advisories.
Comprehensive Patching Efforts
Alongside zero-day fixes, the February 2026 updates address vulnerabilities across Microsoft’s ecosystem, including Azure, Windows Defender, Exchange Server, .NET, GitHub Copilot, Edge, and Power BI. These comprehensive measures reflect Microsoft’s ongoing commitment to enhancing product security.
SecurityWeek has reached out to Acros and CrowdStrike for further insights into potential exploitations of these zero-days and will provide updates as more information becomes available.
The proactive measures taken by Microsoft underscore the importance of timely updates in combating emerging cybersecurity threats, ensuring user protection against sophisticated cyber attacks.
