Microsoft Patches 59 Vulnerabilities Including Six Actively Exploited Zero-Days
4 min. read 
Updated on
Microsoft has released its February 2026 Patch Tuesday security updates to fix 59 software vulnerabilities, including six zero-day flaws that have been exploited in the wild. These updates cover Windows, Office, Azure services, and other core Microsoft products.
The flaws span a broad range of risk types. Elevation of privilege bugs make up the largest group, followed by remote code execution, spoofing, information disclosure, denial-of-service, and cross-site scripting issues.
Access content across the globe at the highest speed rate.
70% of our readers choose Private Internet Access
70% of our readers choose ExpressVPN
Browse the web from multiple devices with industry-standard security protocols.
Faster dedicated servers for specific actions (currently at summer discounts)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added all six of the exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal civilian agencies to apply patches by March 3, 2026.
Actively Exploited Zero-Day Vulnerabilities Patched
Microsoft identified six zero-day vulnerabilities that were actively targeted before fixes became available. Some were already publicly disclosed prior to patch release.
| CVE Identifier | Type | Impact |
|---|---|---|
| CVE-2026-21510 | Security feature bypass | Exploits Windows Shell and SmartScreen protection prompts |
| CVE-2026-21513 | Security feature bypass | Affects MSHTML framework used in web content rendering |
| CVE-2026-21514 | Security feature bypass | Bypasses protections in Microsoft Word |
| CVE-2026-21519 | Elevation of privilege | Desktop Window Manager privilege escalation |
| CVE-2026-21533 | Elevation of privilege | Windows Remote Desktop Services privilege escalation |
| CVE-2026-21525 | Denial of service | Windows Remote Access Connection Manager DoS |
These flaws range from security feature bypasses that let attackers trick systems into running harmful content to elevation of privilege and denial-of-service bugs that can help attackers deepen their control of a compromised system.
Expert Commentary on Exploited Flaws
Security researchers are sounding urgent warnings about the impact of these bugs if left unpatched.
“Security feature bypass vulnerabilities significantly increase the success rate of phishing and malware campaigns,” said Jack Bicer, director of vulnerability research at Action1. “In enterprise environments, this flaw can lead to unauthorized code execution, malware deployment, credential theft, and system compromise.”
Experts note that some of these vulnerabilities, like the MSHTML security bypass, affect components still found in many corporate environments and are frequently targeted through email and web-based social engineering.
Full Patch Breakdown Across Products
The 59 vulnerabilities fixed in this update include a mix of severity levels and affected products:
- Elevation of Privilege: 25
- Remote Code Execution: 12
- Security Feature Bypass: 5
- Spoofing: 7
- Information Disclosure: 6
- Denial-of-Service: 3
- Cross-Site Scripting: 1
These issues were found across a variety of Microsoft products, including Windows, Office suite components, and cloud platforms such as Azure.
New Secure Boot Certificates and System Protections
Alongside the vulnerability patches, Microsoft is rolling out updated Secure Boot certificates. These new certificates replace the original 2011 certificates set to expire in June 2026. If a device does not receive the updated certificates, it will still boot but will operate in a degraded security state, which could leave it open to future boot-level attacks.
Microsoft explained the reasoning behind this update:
“With this update, Windows quality updates include a broad set of targeting data that identifies devices and their ability to receive new Secure Boot certificates. Devices will receive the new certificates only after they show sufficient successful update signals, which helps ensure a safe and phased rollout,” the company said in its update notes.
The Secure Boot enhancements are part of a broader effort to strengthen Windows integrity at boot time and protect against low-level attacks before the operating system loads.
Windows Baseline Security Mode and User Transparency
Microsoft is also enhancing default protections through initiatives designed to improve runtime integrity and user control.
Windows Baseline Security Mode aims to enable runtime integrity safeguards by default, which allow only properly signed applications to run, reducing risk from tampered or unauthorized software.
User Transparency and Consent will introduce clearer prompts when applications request access to sensitive resources like files or cameras. Microsoft said these changes are intended to give users and administrators better visibility and control over app behavior.
“These prompts are designed to be clear and actionable, and you’ll always have the ability to review and change your choices later,” said Logan Iyer, Distinguished Engineer at Microsoft.
These protections mirror modern consent systems seen in other operating systems, providing a more consistent user experience while maintaining security.
FAQ: February 2026 Patch Tuesday
Microsoft patched 59 vulnerabilities in its February 2026 updates.
There were six actively exploited zero-day vulnerabilities addressed.
A security feature bypass allows attackers to evade built-in protections, such as SmartScreen or OLE mitigations, often by tricking users into opening malicious content.
Yes. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added all six to its Known Exploited Vulnerabilities (KEV) catalog, indicating real-world exploitation.
Install the February Patch Tuesday updates immediately, update Secure Boot certificates, and review systems for any unusual activity or signs of compromise.
Read our disclosure page to find out how can you help VPNCentral sustain the editorial team Read more
Improve this guide
User forum
0 messages