Right this moment is Microsoft’s February 2026 Patch Tuesday with security updates for 58 flaws, together with 6 actively exploited and three publicly disclosed zero-day vulnerabilities.
This Patch Tuesday additionally addresses 5 “Essential” vulnerabilities, 3 of that are elevation of privileges flaws and a couple of data disclosure flaws.
The variety of bugs in every vulnerability class is listed beneath:
- 25 Elevation of Privilege vulnerabilities
- 5 Safety Characteristic Bypass vulnerabilities
- 12 Distant Code Execution vulnerabilities
- 6 Info Disclosure vulnerabilities
- 3 Denial of Service vulnerabilities
- 7 Spoofing vulnerabilities
When BleepingComputer reviews on Patch Tuesday security updates, we solely depend these launched by Microsoft right this moment. Due to this fact, the variety of flaws doesn’t embrace 3 Microsoft Edge flaws fastened earlier this month.
As a part of these updates, Microsoft has additionally begun to roll out up to date Safe Boot certificates to switch the unique 2011 certificates which might be expiring in late June 2026.
“With this replace, Home windows high quality updates embrace a broad set of concentrating on information that identifies units and their capability to obtain new Safe Boot certificates,” explains Microsoft within the Home windows 11 replace notes.
“Gadgets will obtain the brand new certificates solely after they present ample profitable replace alerts, which helps ensures a secure and phased rollout.”
To study extra concerning the non-security updates launched right this moment, you possibly can assessment our devoted articles on the Home windows 11 KB5077181 & KB5075941 cumulative updates.
6 actively exploited zero-days
This month’s Patch Tuesday fixes six actively exploited vulnerabilities, three of that are publicly disclosed.
Microsoft classifies a zero-day flaw as publicly disclosed or actively exploited whereas no official repair is offered.
The six actively exploited zero-days are:
CVE-2026-21510 – Home windows Shell Safety Characteristic Bypass Vulnerability
Microsoft has patched an actively exploited Home windows security function bypass that may be triggered by opening a specifically crafted hyperlink or shortcut file.
“To efficiently exploit this vulnerability, an attacker should persuade a consumer to open a malicious hyperlink or shortcut file.” explains Microsoft.
“An attacker might bypass Home windows SmartScreen and Home windows Shell security prompts by exploiting improper dealing with in Home windows Shell elements, permitting attacker‑managed content material to execute with out consumer warning or consent,” continued Microsoft.
Whereas Microsoft has not shared additional particulars, it doubtless permits attackers to bypass the Mark of the Net (MoTW) security warnings.
Microsoft has attributed the invention of the flaw to Microsoft Risk Intelligence Middle (MSTIC), Microsoft Safety Response Middle (MSRC), Workplace Product Group Safety Workforce, Google Risk Intelligence Group, and an nameless researcher.
CVE-2026-21513 – MSHTML Framework Safety Characteristic Bypass Vulnerability
Microsoft has patched an actively exploited MSHTML security function bypass flaw in Home windows.
“Safety mechanism failure in MSHTML Framework permits an unauthorized attacker to bypass a security function over a community,” explains Microsoft.
There are not any particulars on how this was exploited.
This flaw was as soon as once more attributed to Microsoft Risk Intelligence Middle (MSTIC), Microsoft Safety Response Middle (MSRC), Workplace Product Group Safety Workforce, and Google Risk Intelligence Group.
CVE-2026-21514 – Microsoft Phrase Safety Characteristic Bypass Vulnerability
Microsoft has patched a security function bypass flaw in Microsoft Phrase that’s actively exploited.
“An attacker should ship a consumer a malicious Workplace file and persuade them to open it,” warns Microsoft’s advisory.
“This replace addresses a vulnerability that bypasses OLE mitigations in Microsoft 365 and Microsoft Workplace which shield customers from weak COM/OLE management,” continues Microsoft.
Microsoft says that the flaw can’t be exploited within the Workplace Preview Pane.
The flaw was once more attributed to Microsoft Risk Intelligence Middle (MSTIC), Microsoft Safety Response Middle (MSRC), Workplace Product Group Safety Workforce, Google Risk Intelligence Group, and an nameless researcher.
As no particulars have been launched, it’s unclear if CVE-2026-21510, CVE-2026-21513, and CVE-2026-21514 had been exploited in the identical marketing campaign.
CVE-2026-21519 – Desktop Window Supervisor Elevation of Privilege Vulnerability
Microsoft has patched an actively exploited elevation of privileges flaw within the Desktop Window Supervisor.
“An attacker who efficiently exploited this vulnerability might achieve SYSTEM privileges,” warns Microsoft.
No particulars have been shared on the way it was exploited.
Microsoft has attributed the invention of the flaw to Microsoft Risk Intelligence Middle (MSTIC) & Microsoft Safety Response Middle (MSRC).
CVE-2026-21525 – Home windows Distant Entry Connection Supervisor Denial of Service Vulnerability
Microsoft fastened an actively exploited denial of service flaw within the Home windows Distant Entry Connection Supervisor.
“Null pointer dereference in Home windows Distant Entry Connection Supervisor permits an unauthorized attacker to disclaim service domestically,’ explains Microsoft.
No particulars have been shared on why or how this flaw was exploited in assaults.
Microsoft has attributed the invention of the flaw to the 0patch vulnerability analysis staff.
CVE-2026-21533 – Home windows Distant Desktop Companies Elevation of Privilege Vulnerability
Microsoft has fastened an elevation of privileges in Home windows Distant Desktop Companies.
“Improper privilege administration in Home windows Distant Desktop permits a licensed attacker to raise privileges domestically,” explains Microsoft.
No particulars have been shared on how this flaw was exploited.
Microsoft has attributed the invention of the flaw to the Superior Analysis Workforce at CrowdStrike.
Of the six zero-days, CVE-2026-21513, CVE-2026-21510, and CVE-2026-21514 had been publicly disclosed.
Current updates from different corporations
Different distributors who launched updates or advisories in February 2026 embrace:
Whereas not a security replace, Microsoft has began rolling out built-in Sysmon performance in Home windows 11 insider builds, which many Home windows admins will discover helpful.
The February 2026 Patch Tuesday Safety Updates
Beneath is the entire record of resolved vulnerabilities within the February 2026 Patch Tuesday updates.
To entry the total description of every vulnerability and the programs it impacts, you possibly can view the full report right here.
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| .NET | CVE-2026-21218 | .NET Spoofing Vulnerability | Vital |
| Azure Arc | CVE-2026-24302 | Azure Arc Elevation of Privilege Vulnerability | Essential |
| Azure Compute Gallery | CVE-2026-23655 | Microsoft ACI Confidential Containers Info Disclosure Vulnerability | Essential |
| Azure Compute Gallery | CVE-2026-21522 | Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability | Essential |
| Azure DevOps Server | CVE-2026-21512 | Azure DevOps Server Cross-Web site Scripting Vulnerability | Vital |
| Azure Entrance Door (AFD) | CVE-2026-24300 | Azure Entrance Door Elevation of Privilege Vulnerability | Essential |
| Azure Operate | CVE-2026-21532 | Azure Operate Info Disclosure Vulnerability | Essential |
| Azure HDInsights | CVE-2026-21529 | Azure HDInsight Spoofing Vulnerability | Vital |
| Azure IoT SDK | CVE-2026-21528 | Azure IoT Explorer Info Disclosure Vulnerability | Vital |
| Azure Native | CVE-2026-21228 | Azure Native Distant Code Execution Vulnerability | Vital |
| Azure SDK | CVE-2026-21531 | Azure SDK for Python Distant Code Execution Vulnerability | Vital |
| Desktop Window Supervisor | CVE-2026-21519 | Desktop Window Supervisor Elevation of Privilege Vulnerability | Vital |
| Github Copilot | CVE-2026-21516 | GitHub Copilot for Jetbrains Distant Code Execution Vulnerability | Vital |
| GitHub Copilot and Visible Studio | CVE-2026-21523 | GitHub Copilot and Visible Studio Code Distant Code Execution Vulnerability | Vital |
| GitHub Copilot and Visible Studio | CVE-2026-21256 | GitHub Copilot and Visible Studio Distant Code Execution Vulnerability | Vital |
| GitHub Copilot and Visible Studio | CVE-2026-21257 | GitHub Copilot and Visible Studio Elevation of Privilege Vulnerability | Vital |
| GitHub Copilot and Visible Studio Code | CVE-2026-21518 | GitHub Copilot and Visible Studio Code Safety Characteristic Bypass Vulnerability | Vital |
| Mailslot File System | CVE-2026-21253 | Mailslot File System Elevation of Privilege Vulnerability | Vital |
| Microsoft Defender for Linux | CVE-2026-21537 | Microsoft Defender for Endpoint Linux Extension Distant Code Execution Vulnerability | Vital |
| Microsoft Edge (Chromium-based) | CVE-2026-1861 | Chromium: CVE-2026-1861 Heap buffer overflow in libvpx | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2026-1862 | Chromium: CVE-2026-1862 Sort Confusion in V8 | Unknown |
| Microsoft Edge for Android | CVE-2026-0391 | Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability | Reasonable |
| Microsoft Trade Server | CVE-2026-21527 | Microsoft Trade Server Spoofing Vulnerability | Vital |
| Microsoft Graphics Part | CVE-2026-21246 | Home windows Graphics Part Elevation of Privilege Vulnerability | Vital |
| Microsoft Graphics Part | CVE-2026-21235 | Home windows Graphics Part Elevation of Privilege Vulnerability | Vital |
| Microsoft Workplace Excel | CVE-2026-21261 | Microsoft Excel Info Disclosure Vulnerability | Vital |
| Microsoft Workplace Excel | CVE-2026-21258 | Microsoft Excel Info Disclosure Vulnerability | Vital |
| Microsoft Workplace Excel | CVE-2026-21259 | Microsoft Excel Elevation of Privilege Vulnerability | Vital |
| Microsoft Workplace Outlook | CVE-2026-21260 | Microsoft Outlook Spoofing Vulnerability | Vital |
| Microsoft Workplace Outlook | CVE-2026-21511 | Microsoft Outlook Spoofing Vulnerability | Vital |
| Microsoft Workplace Phrase | CVE-2026-21514 | Microsoft Phrase Safety Characteristic Bypass Vulnerability | Vital |
| MSHTML Framework | CVE-2026-21513 | MSHTML Framework Safety Characteristic Bypass Vulnerability | Vital |
| Energy BI | CVE-2026-21229 | Energy BI Distant Code Execution Vulnerability | Vital |
| Position: Home windows Hyper-V | CVE-2026-21244 | Home windows Hyper-V Distant Code Execution Vulnerability | Vital |
| Position: Home windows Hyper-V | CVE-2026-21255 | Home windows Hyper-V Safety Characteristic Bypass Vulnerability | Vital |
| Position: Home windows Hyper-V | CVE-2026-21248 | Home windows Hyper-V Distant Code Execution Vulnerability | Vital |
| Position: Home windows Hyper-V | CVE-2026-21247 | Home windows Hyper-V Distant Code Execution Vulnerability | Vital |
| Home windows Ancillary Operate Driver for WinSock | CVE-2026-21236 | Home windows Ancillary Operate Driver for WinSock Elevation of Privilege Vulnerability | Vital |
| Home windows Ancillary Operate Driver for WinSock | CVE-2026-21241 | Home windows Ancillary Operate Driver for WinSock Elevation of Privilege Vulnerability | Vital |
| Home windows Ancillary Operate Driver for WinSock | CVE-2026-21238 | Home windows Ancillary Operate Driver for WinSock Elevation of Privilege Vulnerability | Vital |
| Home windows App for Mac | CVE-2026-21517 | Home windows App for Mac Installer Elevation of Privilege Vulnerability | Vital |
| Home windows Cluster Shopper Failover | CVE-2026-21251 | Cluster Shopper Failover (CCF) Elevation of Privilege Vulnerability | Vital |
| Home windows Linked Gadgets Platform Service | CVE-2026-21234 | Home windows Linked Gadgets Platform Service Elevation of Privilege Vulnerability | Vital |
| Home windows GDI+ | CVE-2026-20846 | GDI+ Denial of Service Vulnerability | Vital |
| Home windows HTTP.sys | CVE-2026-21240 | Home windows HTTP.sys Elevation of Privilege Vulnerability | Vital |
| Home windows HTTP.sys | CVE-2026-21250 | Home windows HTTP.sys Elevation of Privilege Vulnerability | Vital |
| Home windows HTTP.sys | CVE-2026-21232 | Home windows HTTP.sys Elevation of Privilege Vulnerability | Vital |
| Home windows Kernel | CVE-2026-21231 | Home windows Kernel Elevation of Privilege Vulnerability | Vital |
| Home windows Kernel | CVE-2026-21222 | Home windows Kernel Info Disclosure Vulnerability | Vital |
| Home windows Kernel | CVE-2026-21239 | Home windows Kernel Elevation of Privilege Vulnerability | Vital |
| Home windows Kernel | CVE-2026-21245 | Home windows Kernel Elevation of Privilege Vulnerability | Vital |
| Home windows LDAP – Light-weight Listing Entry Protocol | CVE-2026-21243 | Home windows Light-weight Listing Entry Protocol (LDAP) Denial of Service Vulnerability | Vital |
| Home windows Notepad App | CVE-2026-20841 | Home windows Notepad App Distant Code Execution Vulnerability | Vital |
| Home windows NTLM | CVE-2026-21249 | Home windows NTLM Spoofing Vulnerability | Vital |
| Home windows Distant Entry Connection Supervisor | CVE-2026-21525 | Home windows Distant Entry Connection Supervisor Denial of Service Vulnerability | Reasonable |
| Home windows Distant Desktop | CVE-2026-21533 | Home windows Distant Desktop Companies Elevation of Privilege Vulnerability | Vital |
| Home windows Shell | CVE-2026-21510 | Home windows Shell Safety Characteristic Bypass Vulnerability | Vital |
| Home windows Storage | CVE-2026-21508 | Home windows Storage Elevation of Privilege Vulnerability | Vital |
| Home windows Subsystem for Linux | CVE-2026-21237 | Home windows Subsystem for Linux Elevation of Privilege Vulnerability | Vital |
| Home windows Subsystem for Linux | CVE-2026-21242 | Home windows Subsystem for Linux Elevation of Privilege Vulnerability | Vital |
| Home windows Win32K – GRFX | CVE-2023-2804 | Purple Hat, Inc. CVE-2023-2804: Heap Primarily based Overflow libjpeg-turbo | Vital |
Trendy IT infrastructure strikes sooner than handbook workflows can deal with.
On this new Tines information, learn the way your staff can scale back hidden handbook delays, enhance reliability by way of automated response, and construct and scale clever workflows on high of instruments you already use.
