Microsoft has rolled out updates addressing 59 security vulnerabilities in its software suite, including six critical zero-day threats that have been actively exploited. Released on Tuesday, these updates are part of Microsoft’s regular security maintenance efforts to enhance user protection.
Detailed Breakdown of Vulnerabilities
Among the vulnerabilities, five are categorized as Critical, 52 as Important, and two as Moderate. Privilege escalation vulnerabilities make up the largest group with 25 instances, followed by 12 remote code execution issues, seven spoofing, six information disclosure, five security feature bypasses, three denial-of-service, and one cross-site scripting vulnerability.
In addition to these updates, Microsoft has also addressed three security vulnerabilities in its Edge browser. This includes a Moderate vulnerability affecting the Edge version on Android that could enable unauthorized network-based spoofing.
Highlighted Zero-Day Vulnerabilities
The six zero-day vulnerabilities identified in this update include CVE-2026-21510 and CVE-2026-21513, both with a CVSS score of 8.8, which allow attackers to bypass security features over a network. CVE-2026-21514, CVE-2026-21519, CVE-2026-21525, and CVE-2026-21533 are also significant, each presenting various risks such as privilege escalation and denial of service.
Microsoft’s collaboration with the Google Threat Intelligence Group has been crucial in discovering several of these exploits. While specific exploitation details remain undisclosed, the vulnerabilities’ critical nature has prompted immediate action.
Implications and Future Security Measures
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added these vulnerabilities to its Known Exploited Vulnerabilities catalog, mandating Federal Civilian Executive Branch agencies to implement the fixes by early March 2026. Alongside these patches, Microsoft is updating its Secure Boot certificates to strengthen device security.
Microsoft is also advancing its security posture through initiatives like Windows Baseline Security Mode and User Transparency and Consent. These measures aim to enhance default system protections and ensure users are informed about app interactions with sensitive system components.
Concluding on a proactive note, Microsoft’s updates reflect its ongoing commitment to cybersecurity, ensuring robust defenses against evolving threats. Users are encouraged to apply these updates to safeguard their systems effectively.
![[Webinar] Learn How Leading Security Teams Reduce Attack Surface Exposure with DASR](https://cyberwebspider.com/blog/wp-content/uploads/2025/11/cyberteams.jpg "[Webinar] Learn How Leading Security Teams Reduce Attack Surface Exposure with DASR")
