In the present day is Microsoft’s February 2026 Patch Tuesday with safety updates for 58 flaws, together with 6 actively exploited and three publicly disclosed zero-day vulnerabilities.
This Patch Tuesday additionally addresses 5 “Critical” vulnerabilities, 3 of that are elevation of privileges flaws and a pair of info disclosure flaws.
The variety of bugs in every vulnerability class is listed beneath:
- 25 Elevation of Privilege vulnerabilities
- 5 Safety Function Bypass vulnerabilities
- 12 Distant Code Execution vulnerabilities
- 6 Info Disclosure vulnerabilities
- 3 Denial of Service vulnerabilities
- 7 Spoofing vulnerabilities
When BleepingComputer reviews on Patch Tuesday safety updates, we solely depend these launched by Microsoft as we speak. Subsequently, the variety of flaws doesn’t embrace 3 Microsoft Edge flaws fastened earlier this month.
As a part of these updates, Microsoft has additionally begun to roll out up to date Safe Boot certificates to exchange the unique 2011 certificates which can be expiring in late June 2026.
“With this update, Windows quality updates include a broad set of targeting data that identifies devices and their ability to receive new Secure Boot certificates,” explains Microsoft within the Home windows 11 replace notes.
“Devices will receive the new certificates only after they show sufficient successful update signals, which helps ensures a safe and phased rollout.”
To be taught extra concerning the non-security updates launched as we speak, you’ll be able to evaluate our devoted articles on the Home windows 11 KB5077181 & KB5075941 cumulative updates.
6 actively exploited zero-days
This month’s Patch Tuesday fixes six actively exploited vulnerabilities, three of that are publicly disclosed.
Microsoft classifies a zero-day flaw as publicly disclosed or actively exploited whereas no official repair is obtainable.
The six actively exploited zero-days are:
CVE-2026-21510 – Home windows Shell Safety Function Bypass Vulnerability
Microsoft has patched an actively exploited Home windows safety characteristic bypass that may be triggered by opening a specifically crafted hyperlink or shortcut file.
“To successfully exploit this vulnerability, an attacker must convince a user to open a malicious link or shortcut file.” explains Microsoft.
“An attacker could bypass Windows SmartScreen and Windows Shell security prompts by exploiting improper handling in Windows Shell components, allowing attacker‑controlled content to execute without user warning or consent,” continued Microsoft.
Whereas Microsoft has not shared additional particulars, it seemingly permits attackers to bypass the Mark of the Net (MoTW) safety warnings.
Microsoft has attributed the invention of the flaw to Microsoft Menace Intelligence Middle (MSTIC), Microsoft Safety Response Middle (MSRC), Workplace Product Group Safety Workforce, Google Menace Intelligence Group, and an nameless researcher.
CVE-2026-21513 – MSHTML Framework Safety Function Bypass Vulnerability
Microsoft has patched an actively exploited MSHTML safety characteristic bypass flaw in Home windows.
“Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network,” explains Microsoft.
There are not any particulars on how this was exploited.
This flaw was as soon as once more attributed to Microsoft Menace Intelligence Middle (MSTIC), Microsoft Safety Response Middle (MSRC), Workplace Product Group Safety Workforce, and Google Menace Intelligence Group.
CVE-2026-21514 – Microsoft Phrase Safety Function Bypass Vulnerability
Microsoft has patched a safety characteristic bypass flaw in Microsoft Phrase that’s actively exploited.
“An attacker must send a user a malicious Office file and convince them to open it,” warns Microsoft’s advisory.
“This update addresses a vulnerability that bypasses OLE mitigations in Microsoft 365 and Microsoft Office which protect users from vulnerable COM/OLE control,” continues Microsoft.
Microsoft says that the flaw can’t be exploited within the Workplace Preview Pane.
The flaw was once more attributed to Microsoft Menace Intelligence Middle (MSTIC), Microsoft Safety Response Middle (MSRC), Workplace Product Group Safety Workforce, Google Menace Intelligence Group, and an nameless researcher.
As no particulars have been launched, it’s unclear if CVE-2026-21510, CVE-2026-21513, and CVE-2026-21514 have been exploited in the identical marketing campaign.
CVE-2026-21519 – Desktop Window Supervisor Elevation of Privilege Vulnerability
Microsoft has patched an actively exploited elevation of privileges flaw within the Desktop Window Supervisor.
“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” warns Microsoft.
No particulars have been shared on the way it was exploited.
Microsoft has attributed the invention of the flaw to Microsoft Menace Intelligence Middle (MSTIC) & Microsoft Safety Response Middle (MSRC).
CVE-2026-21525 – Home windows Distant Entry Connection Supervisor Denial of Service Vulnerability
Microsoft fastened an actively exploited denial of service flaw within the Home windows Distant Entry Connection Supervisor.
“Null pointer dereference in Home windows Distant Entry Connection Supervisor permits an unauthorized attacker to disclaim service domestically,’ explains Microsoft.
No particulars have been shared on why or how this flaw was exploited in assaults.
Microsoft has attributed the invention of the flaw to the 0patch vulnerability analysis group.
CVE-2026-21533 – Home windows Distant Desktop Providers Elevation of Privilege Vulnerability
Microsoft has fastened an elevation of privileges in Home windows Distant Desktop Providers.
“Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally,” explains Microsoft.
No particulars have been shared on how this flaw was exploited.
Microsoft has attributed the invention of the flaw to the Superior Analysis Workforce at CrowdStrike.
Of the six zero-days, CVE-2026-21513, CVE-2026-21510, and CVE-2026-21514 have been publicly disclosed.
Latest updates from different corporations
Different distributors who launched updates or advisories in February 2026 embrace:
Whereas not a safety replace, Microsoft has began rolling out built-in Sysmon performance in Home windows 11 insider builds, which many Home windows admins will discover helpful.
The February 2026 Patch Tuesday Safety Updates
Beneath is the whole checklist of resolved vulnerabilities within the February 2026 Patch Tuesday updates.
To entry the total description of every vulnerability and the techniques it impacts, you’ll be able to view the full report right here.
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| .NET | CVE-2026-21218 | .NET Spoofing Vulnerability | Essential |
| Azure Arc | CVE-2026-24302 | Azure Arc Elevation of Privilege Vulnerability | Vital |
| Azure Compute Gallery | CVE-2026-23655 | Microsoft ACI Confidential Containers Info Disclosure Vulnerability | Vital |
| Azure Compute Gallery | CVE-2026-21522 | Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability | Vital |
| Azure DevOps Server | CVE-2026-21512 | Azure DevOps Server Cross-Website Scripting Vulnerability | Essential |
| Azure Entrance Door (AFD) | CVE-2026-24300 | Azure Entrance Door Elevation of Privilege Vulnerability | Vital |
| Azure Operate | CVE-2026-21532 | Azure Operate Info Disclosure Vulnerability | Vital |
| Azure HDInsights | CVE-2026-21529 | Azure HDInsight Spoofing Vulnerability | Essential |
| Azure IoT SDK | CVE-2026-21528 | Azure IoT Explorer Info Disclosure Vulnerability | Essential |
| Azure Native | CVE-2026-21228 | Azure Native Distant Code Execution Vulnerability | Essential |
| Azure SDK | CVE-2026-21531 | Azure SDK for Python Distant Code Execution Vulnerability | Essential |
| Desktop Window Supervisor | CVE-2026-21519 | Desktop Window Supervisor Elevation of Privilege Vulnerability | Essential |
| Github Copilot | CVE-2026-21516 | GitHub Copilot for Jetbrains Distant Code Execution Vulnerability | Essential |
| GitHub Copilot and Visible Studio | CVE-2026-21523 | GitHub Copilot and Visible Studio Code Distant Code Execution Vulnerability | Essential |
| GitHub Copilot and Visible Studio | CVE-2026-21256 | GitHub Copilot and Visible Studio Distant Code Execution Vulnerability | Essential |
| GitHub Copilot and Visible Studio | CVE-2026-21257 | GitHub Copilot and Visible Studio Elevation of Privilege Vulnerability | Essential |
| GitHub Copilot and Visible Studio Code | CVE-2026-21518 | GitHub Copilot and Visible Studio Code Safety Function Bypass Vulnerability | Essential |
| Mailslot File System | CVE-2026-21253 | Mailslot File System Elevation of Privilege Vulnerability | Essential |
| Microsoft Defender for Linux | CVE-2026-21537 | Microsoft Defender for Endpoint Linux Extension Distant Code Execution Vulnerability | Essential |
| Microsoft Edge (Chromium-based) | CVE-2026-1861 | Chromium: CVE-2026-1861 Heap buffer overflow in libvpx | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2026-1862 | Chromium: CVE-2026-1862 Sort Confusion in V8 | Unknown |
| Microsoft Edge for Android | CVE-2026-0391 | Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability | Average |
| Microsoft Alternate Server | CVE-2026-21527 | Microsoft Alternate Server Spoofing Vulnerability | Essential |
| Microsoft Graphics Part | CVE-2026-21246 | Home windows Graphics Part Elevation of Privilege Vulnerability | Essential |
| Microsoft Graphics Part | CVE-2026-21235 | Home windows Graphics Part Elevation of Privilege Vulnerability | Essential |
| Microsoft Workplace Excel | CVE-2026-21261 | Microsoft Excel Info Disclosure Vulnerability | Essential |
| Microsoft Workplace Excel | CVE-2026-21258 | Microsoft Excel Info Disclosure Vulnerability | Essential |
| Microsoft Workplace Excel | CVE-2026-21259 | Microsoft Excel Elevation of Privilege Vulnerability | Essential |
| Microsoft Workplace Outlook | CVE-2026-21260 | Microsoft Outlook Spoofing Vulnerability | Essential |
| Microsoft Workplace Outlook | CVE-2026-21511 | Microsoft Outlook Spoofing Vulnerability | Essential |
| Microsoft Workplace Phrase | CVE-2026-21514 | Microsoft Phrase Safety Function Bypass Vulnerability | Essential |
| MSHTML Framework | CVE-2026-21513 | MSHTML Framework Safety Function Bypass Vulnerability | Essential |
| Energy BI | CVE-2026-21229 | Energy BI Distant Code Execution Vulnerability | Essential |
| Function: Home windows Hyper-V | CVE-2026-21244 | Home windows Hyper-V Distant Code Execution Vulnerability | Essential |
| Function: Home windows Hyper-V | CVE-2026-21255 | Home windows Hyper-V Safety Function Bypass Vulnerability | Essential |
| Function: Home windows Hyper-V | CVE-2026-21248 | Home windows Hyper-V Distant Code Execution Vulnerability | Essential |
| Function: Home windows Hyper-V | CVE-2026-21247 | Home windows Hyper-V Distant Code Execution Vulnerability | Essential |
| Home windows Ancillary Operate Driver for WinSock | CVE-2026-21236 | Home windows Ancillary Operate Driver for WinSock Elevation of Privilege Vulnerability | Essential |
| Home windows Ancillary Operate Driver for WinSock | CVE-2026-21241 | Home windows Ancillary Operate Driver for WinSock Elevation of Privilege Vulnerability | Essential |
| Home windows Ancillary Operate Driver for WinSock | CVE-2026-21238 | Home windows Ancillary Operate Driver for WinSock Elevation of Privilege Vulnerability | Essential |
| Home windows App for Mac | CVE-2026-21517 | Home windows App for Mac Installer Elevation of Privilege Vulnerability | Essential |
| Home windows Cluster Consumer Failover | CVE-2026-21251 | Cluster Consumer Failover (CCF) Elevation of Privilege Vulnerability | Essential |
| Home windows Related Gadgets Platform Service | CVE-2026-21234 | Home windows Related Gadgets Platform Service Elevation of Privilege Vulnerability | Essential |
| Home windows GDI+ | CVE-2026-20846 | GDI+ Denial of Service Vulnerability | Essential |
| Home windows HTTP.sys | CVE-2026-21240 | Home windows HTTP.sys Elevation of Privilege Vulnerability | Essential |
| Home windows HTTP.sys | CVE-2026-21250 | Home windows HTTP.sys Elevation of Privilege Vulnerability | Essential |
| Home windows HTTP.sys | CVE-2026-21232 | Home windows HTTP.sys Elevation of Privilege Vulnerability | Essential |
| Home windows Kernel | CVE-2026-21231 | Home windows Kernel Elevation of Privilege Vulnerability | Essential |
| Home windows Kernel | CVE-2026-21222 | Home windows Kernel Info Disclosure Vulnerability | Essential |
| Home windows Kernel | CVE-2026-21239 | Home windows Kernel Elevation of Privilege Vulnerability | Essential |
| Home windows Kernel | CVE-2026-21245 | Home windows Kernel Elevation of Privilege Vulnerability | Essential |
| Home windows LDAP – Light-weight Listing Entry Protocol | CVE-2026-21243 | Home windows Light-weight Listing Entry Protocol (LDAP) Denial of Service Vulnerability | Essential |
| Home windows Notepad App | CVE-2026-20841 | Home windows Notepad App Distant Code Execution Vulnerability | Essential |
| Home windows NTLM | CVE-2026-21249 | Home windows NTLM Spoofing Vulnerability | Essential |
| Home windows Distant Entry Connection Supervisor | CVE-2026-21525 | Home windows Distant Entry Connection Supervisor Denial of Service Vulnerability | Average |
| Home windows Distant Desktop | CVE-2026-21533 | Home windows Distant Desktop Providers Elevation of Privilege Vulnerability | Essential |
| Home windows Shell | CVE-2026-21510 | Home windows Shell Safety Function Bypass Vulnerability | Essential |
| Home windows Storage | CVE-2026-21508 | Home windows Storage Elevation of Privilege Vulnerability | Essential |
| Home windows Subsystem for Linux | CVE-2026-21237 | Home windows Subsystem for Linux Elevation of Privilege Vulnerability | Essential |
| Home windows Subsystem for Linux | CVE-2026-21242 | Home windows Subsystem for Linux Elevation of Privilege Vulnerability | Essential |
| Home windows Win32K – GRFX | CVE-2023-2804 | Crimson Hat, Inc. CVE-2023-2804: Heap Based mostly Overflow libjpeg-turbo | Essential |
Trendy IT infrastructure strikes quicker than handbook workflows can deal with.
On this new Tines information, learn the way your group can scale back hidden handbook delays, enhance reliability by means of automated response, and construct and scale clever workflows on prime of instruments you already use.
