Introduction
Microsoft on February 10-11, 2026 rolled out its monthly Patch Tuesday security updates, addressing a total of 59 software vulnerabilities across its ecosystem, including six that were already being actively exploited in the wild before patches were available.
Key Highlights
The update covers bugs across Windows, Office, Remote Desktop Services, MSHTML, and more.
Of the 59 vulnerabilities patched:
- 5 are rated Critical,
- 52 Important, and
- 2 Moderate in severity.
Six zero-day vulnerabilities were actively exploited by attackers prior to the patch release an unusually high number for a single patch cycle, matching levels seen in previous high-risk months.
Actively Exploited Vulnerabilities of Concern
Microsoft and security researchers have confirmed that these six zero-day flaws were being exploited in real attacks:
- CVE-2026-21510 — Windows Shell security bypass allowing remote attackers to flank SmartScreen protections.
- CVE-2026-21513 — MSHTML security bypass impacting legacy HTML rendering components.
- CVE-2026-21514 — Microsoft Word security bypass via crafted Office content.
- CVE-2026-21519 — Desktop Window Manager privilege escalation.
- CVE-2026-21525 — Remote Access Connection Manager denial-of-service.
- CVE-2026-21533 — Windows Remote Desktop privilege escalation.
These exploits span security bypass, privilege escalation, denial-of-service and highlight practical threats facing Windows users and enterprise environments.
Severity and Risk Profile
- The vulnerability breakdown shows privilege escalation and remote code execution as dominant categories among patched bugs, illustrating the wide attack surface affected this cycle.
- Several bugs were already publicly known prior to patching, meaning attackers had insight into how to exploit them before mitigations were released.
Broader Patch Landscape
This month’s patches coincide with broader coordinated responses from other software vendors including fixes for critical flaws in products like SAP and Adobe underscoring a particularly active threat environment this February.
Outlook for Security Teams
Security administrators and organizations are strongly advised to prioritize deploying these updates immediately, especially on systems exposed to internet-facing services like Remote Desktop or email clients. The high number of actively exploited zero-days amplifies risk for both endpoint and enterprise networks.
Sources
- The Hacker News – Microsoft Patches 59 Vulnerabilities Including Six Actively Exploited Zero-Days
https://thehackernews.com/2026/02/microsoft-patches-59-vulnerabilities.html - CyberScoop – Microsoft Patch Tuesday Matches Last Year’s Zero-Day High
https://cyberscoop.com/microsoft-patch-tuesday-february-2026/ - Cisco Talos – Microsoft Patch Tuesday February 2026 Advisory
https://blog.talosintelligence.com/microsoft-patch-tuesday-february-2026/
