Patch Now: Microsoft Fixed 6 Zero-Days in The Patch Tuesday Updates


Microsoft’s February 2026 Patch Tuesday addresses 58 security vulnerabilities, including six actively exploited zero-day flaws. The zero-days include security feature bypasses in Windows Shell (CVE-2026-21510), MSHTML (CVE-2026-21513), and Microsoft Word (CVE-2026-21514), as well as elevation-of-privilege flaws in Desktop Window Manager (CVE-2026-21519) and Windows Remote Desktop Services (CVE-2026-21533), and a denial-of-service vulnerability in Windows Remote Access Connection Manager (CVE-2026-21525).

Severity: High

The Six Actively Exploited Zero-Days

1. CVE-2026-21510 (CVSS Score: 8.8) – Windows Shell Security Feature Bypass

  • Allows bypass of Windows SmartScreen and Windows Shell security prompts.
  • Triggered by opening a malicious link or shortcut file.
  • Impacts all supported Windows versions.
  • Likely enables bypass of Mark-of-the-Web (MoTW) protections.

2. CVE-2026-21513 (CVSS Score: 8.8) – MSHTML Security Feature Bypass

  • Affects the legacy browser rendering engine in Windows.
  • Allows bypass of security mechanisms over a network by tricking a user into opening a malicious HTML file or shortcut (.lnk) file.
  • Actively exploited; no exploitation details publicly released.

3. CVE-2026-21514 (CVSS Score: 7.8) – Microsoft Word Security Feature Bypass

  • Allows bypass of OLE mitigations in Microsoft 365 and Office.
  • Exploitation requires the user to open a malicious Office file.
  • Cannot be exploited via Preview Pane.

4. CVE-2026-21519 (CVSS Score: 7.8) – Desktop Window Manager Elevation of Privilege

  • DWM is a core Windows graphical component. Allows attackers to escalate to SYSTEM privileges.
  • This bug is actively exploited and can be paired with a code execution bug to take over a system.

5. CVE-2026-21525 (CVSS Score: 6.2) – Windows Remote Access Connection Manager DoS

  • A null pointer dereference vulnerability.
  • An unauthorized attacker can cause a local denial of service that impacts VPN connectivity.
  • The exploit was discovered in a public malware repository by Kolsek while searching for an exploit for CVE-2025-59230.

6. CVE-2026-21533 (CVSS Score: 7.8) – Windows Remote Desktop Services EoP

  • Allows authorized attackers to elevate privileges locally.
  • The exploit binary modifies service configuration keys and enables actors to add a new user to the Administrators group.
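
One way to detect the outcome described for CVE-2026-21533 (a new user added to the local Administrators group), as an added example that is not from the advisory or from Microsoft: it correlates Windows Security events 4720 (account created) and 4732 (member added to a local group) on the same host. The JSON-lines export shape, the sample events and the 10-minute window are assumptions.

```python
import json
from datetime import datetime, timedelta

ADMINISTRATORS_SID = "S-1-5-32-544"  # well-known SID of BUILTIN\Administrators
WINDOW = timedelta(minutes=10)       # assumed correlation window; tune per environment

# Constructed sample events (not from the advisory), shaped like Security-log
# records exported as JSON lines. 4720 = account created, 4732 = member added
# to a security-enabled local group. S-1-5-32-555 is Remote Desktop Users.
SAMPLE_EVENTS = """
{"time": "2026-02-11T09:14:02", "host": "RDS01", "id": 4720, "SubjectUserName": "RDS01$", "TargetUserName": "svc_backup2", "TargetSid": "S-1-5-21-1111-2222-3333-1105"}
{"time": "2026-02-11T09:14:05", "host": "RDS01", "id": 4732, "SubjectUserName": "RDS01$", "MemberSid": "S-1-5-21-1111-2222-3333-1105", "TargetSid": "S-1-5-32-544"}
{"time": "2026-02-11T10:30:00", "host": "WS07", "id": 4720, "SubjectUserName": "helpdesk1", "TargetUserName": "jdoe", "TargetSid": "S-1-5-21-1111-2222-4444-1200"}
{"time": "2026-02-11T10:31:00", "host": "WS07", "id": 4732, "SubjectUserName": "helpdesk1", "MemberSid": "S-1-5-21-1111-2222-4444-1200", "TargetSid": "S-1-5-32-555"}
{"time": "2026-02-11T11:00:00", "host": "WS09", "id": 4732, "SubjectUserName": "admin1", "MemberSid": "S-1-5-21-1111-2222-5555-1001", "TargetSid": "S-1-5-32-544"}
"""


def parse_events(text):
    """Parse JSON-lines text into event dicts sorted by timestamp."""
    events = [json.loads(line) for line in text.splitlines() if line.strip()]
    for ev in events:
        ev["time"] = datetime.fromisoformat(ev["time"])
    return sorted(events, key=lambda ev: ev["time"])


def find_new_admins(events, window=WINDOW):
    """Alert on accounts created and then added to Administrators
    on the same host within `window`."""
    created = {}  # (host, account SID) -> the 4720 event that created it
    alerts = []
    for ev in events:
        if ev["id"] == 4720:
            created[(ev["host"], ev["TargetSid"])] = ev
        elif ev["id"] == 4732 and ev["TargetSid"] == ADMINISTRATORS_SID:
            origin = created.get((ev["host"], ev["MemberSid"]))
            if origin and ev["time"] - origin["time"] <= window:
                alerts.append({
                    "host": ev["host"],
                    "account": origin["TargetUserName"],
                    "created_by": origin["SubjectUserName"],
                    "added_by": ev["SubjectUserName"],
                    "seconds": int((ev["time"] - origin["time"]).total_seconds()),
                })
    return alerts


if __name__ == "__main__":
    for alert in find_new_admins(parse_events(SAMPLE_EVENTS)):
        print(alert)
```

Only the RDS01 pair alerts: the WS07 account joins Remote Desktop Users rather than Administrators, and the WS09 addition involves an account with no matching creation event in the window.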

Additional High-Risk Areas

Beyond the zero-days, Microsoft patched:

  • 12 Remote Code Execution vulnerabilities
  • 25 Elevation of Privilege vulnerabilities
  • 5 Security Feature Bypass vulnerabilities
  • Multiple Azure, Hyper-V, Kernel, Exchange, and Office flaws

Critical Azure-related vulnerabilities include privilege escalation and information disclosure issues affecting Azure Arc, Azure Front Door, and Azure Functions.
GitHub Copilot and IDE-related RCE vulnerabilities (CVE-2026-21516, CVE-2026-21523, CVE-2026-21256) stem from command injection and prompt injection risks within AI-assisted development workflows.

Recommendations

  1. Deploy February 2026 cumulative updates across all Windows endpoints and servers.
  2. Prioritize systems exposed to internet-facing RDP, VPN, and Office usage.
  3. Restrict RDP exposure via firewall rules and conditional access.
  4. Review AI-assisted coding workflows.
  5. Enforce least privilege for developers using GitHub Copilot and related IDE integrations.

Source:

  • https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2026-21510
  • https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2026-21513
  • https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2026-21514
  • https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2026-21519
  • https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2026-21525
  • https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2026-21533
  • https://krebsonsecurity.com/2026/02/patch-tuesday-february-2026-edition/
  • https://www.zerodayinitiative.com/blog/2026/2/10/the-february-2026-security-update-review
  • https://www.bleepingcomputer.com/news/microsoft/microsoft-february-2026-patch-tuesday-fixes-6-zero-days-58-flaws/


    Ampcus Cyber