
Microsoft February Patch Tuesday Fixes Six Zero-Day Vulnerabilities and Rolls Out New Secure Boot Certificates

Tags: patch tuesday, secure boot, zero-day, security feature bypass, certificates, windows 11, microsoft, windows, exploit, remote code execution, vulnerability

Updated February 11, 2026 at 02:06 PM | 11 sources

Microsoft released its February 2026 Patch Tuesday security updates, addressing 54–58 vulnerabilities across Windows and other Microsoft products, including six zero-days that were publicly disclosed and/or actively exploited prior to patch availability. Reported zero-days include CVE-2026-21514 (Office Word security feature bypass), CVE-2026-21513 (MSHTML security feature bypass), CVE-2026-21510 (Windows Shell security feature bypass), CVE-2026-21533 (Windows Remote Desktop Services elevation of privilege), CVE-2026-21525 (Windows Remote Access Connection Manager DoS), and CVE-2026-21519 (Desktop Window Manager elevation of privilege). The broader release spans common bug classes such as RCE, EoP, information disclosure, spoofing, DoS, and security feature bypass, with multiple Critical issues also called out, including Azure Compute Gallery flaws impacting ACI Confidential Containers (CVE-2026-23655, CVE-2026-21522).

As part of the February Windows updates, Microsoft also began a phased rollout of updated Secure Boot certificates to replace the original 2011 certificates ahead of their expiration in late June 2026, using “targeting data” and “successful update signals” to control deployment. Windows 11 cumulative updates (including KB5077181 and KB5075941) were released as mandatory Patch Tuesday packages for supported Windows 11 versions, bundling the security fixes alongside additional reliability and feature changes. Separately, Adobe issued February security bulletins covering 44 CVEs across multiple Creative Cloud products; those Adobe issues were not listed as publicly known or under active attack at release.

Related Entities

Vulnerabilities

- Windows Shell SmartScreen Security Feature Bypass (CVE-2026-21510)
- MSHTML Framework Security Feature Bypass via LNK/HTML Navigation (CVE-2026-21513)
- Elevation of Privilege in Windows Desktop Window Manager (CVE-2026-21519)
- Microsoft Word OLE Security Feature Bypass (CVE-2026-21514)
- Elevation of Privilege in Windows Remote Desktop Services (CVE-2026-21533)
- Microsoft Office Security Feature Bypass (CVE-2026-21509)
- Null Pointer Dereference DoS in Windows Remote Access Connection Manager (CVE-2026-21525)
- CVE-2026-24300
- Security feature bypass in Windows Hyper-V (improper access control) (CVE-2026-21255)
- CVE-2026-24302
- Azure Function Information Disclosure Vulnerability (CVE-2026-21532)
- CVE-2026-21259
- CVE-2026-21250
- Out-of-bounds read information disclosure in Microsoft Office Excel (CVE-2026-21261)
- CVE-2026-21260
- Information Disclosure in Azure Compute Gallery / Microsoft ACI Confidential Containers (CVE-2026-23655)
- Local information disclosure in Microsoft Office Excel (improper input validation) (CVE-2026-21258)
- Spoofing in Microsoft Exchange Server InterceptorSmtpAgent (CVE-2026-21527)
- Command Injection in Azure Compute Gallery / Microsoft ACI Confidential Containers (CVE-2026-21522)
- Windows Storage (windows.storage.dll) local elevation of privilege via improper authentication (CVE-2026-21508)
- CVE-2026-21247
- CVE-2026-21244
- Heap-based buffer overflow in Windows Hyper-V (local code execution) (CVE-2026-21248)
- Authenticated RCE in n8n Workflow Expression Evaluation (CVE-2025-68613)
- RCE via unsafe deserialization in Azure SDK (Azure SDK for Python) (CVE-2026-21531)
- Windows Kernel Sensitive Information Disclosure via Log File Insertion (CVE-2026-21222)
- Code injection RCE in Microsoft Defender for Linux (Defender for Endpoint Linux extension) (CVE-2026-21537)
- Elevation of Privilege Race Condition in Windows Kernel (CVE-2026-21231)
- Local privilege escalation via link following in Windows App for Mac (CVE-2026-21517)

Related Stories

Microsoft March Patch Tuesday Ships 83 Fixes and Windows 11 Cumulative Updates

Microsoft’s March Patch Tuesday security release shipped fixes for **83 vulnerabilities** across its enterprise software and services, and was notable for having **no actively exploited zero-days** for the first time in six months. Microsoft flagged **six** vulnerabilities as “more likely to be exploited,” and noted two issues—`CVE-2026-21262` and `CVE-2026-26127`—were **publicly known** at release. Researchers highlighted an Excel information-disclosure issue, `CVE-2026-26144`, describing a scenario where an attacker could potentially induce a *Copilot Agent* to exfiltrate data in a **zero-click** style workflow, and also pointed to Office flaws `CVE-2026-26110` and `CVE-2026-26113` (CVSS 8.4) that could enable **arbitrary code execution** via the Office preview pane. Microsoft also released **mandatory Windows 11 cumulative updates** `KB5079473` (25H2/24H2) and `KB5078883` (23H2) that incorporate the March 2026 Patch Tuesday security fixes, along with additional non-security changes. The updates advance build numbers to **26200.8037/26100.8037** (25H2/24H2) and **22631.6783** (23H2), expand “high-confidence device targeting” to increase coverage for automatic delivery of new **Secure Boot certificates**, and include reliability improvements such as better File Explorer search across drives and changes to **Windows Defender Application Control (WDAC)** behavior for COM objects (policy listing support).

4 days ago
Microsoft Patch Tuesday Fixes Six Actively Exploited Zero-Days Including Windows Shell SmartScreen Bypass

Microsoft released its February Patch Tuesday security updates addressing **~58–59 vulnerabilities** across Windows and other products, including **six zero-day flaws confirmed as actively exploited in the wild** and **five Critical** issues. Reported vulnerability classes were led by **Elevation of Privilege (25)**, followed by **Remote Code Execution (12)** and **Security Feature Bypass (5)**, with additional fixes for spoofing, information disclosure, DoS, and XSS; Microsoft also noted additional *Edge* fixes shipped outside the prior Patch Tuesday cadence, including an Android spoofing issue (`CVE-2026-0391`). One of the actively exploited zero-days highlighted across reporting is `CVE-2026-21510`, a **Windows Shell security feature bypass** that can be abused to evade **Mark-of-the-Web/SmartScreen-style warnings** by using specially crafted files (e.g., shortcut/link formats) so that untrusted content can execute without expected prompts, making it well-suited to phishing and social-engineering delivery. Separate coverage also noted Microsoft’s rollout of **updated Secure Boot certificates** ahead of the June 2026 expiration of legacy 2011 certificates, a change with broad implications for Windows boot integrity and enterprise device management.

1 month ago
February 2026 Patch Tuesday Security Updates for Microsoft Windows and Adobe Products

Microsoft and Adobe released their **February 2026 Patch Tuesday** security updates, with Microsoft addressing **58 vulnerabilities** and reporting **six actively exploited zero-day flaws** as part of the month’s fixes. Microsoft also continued its rollout of **replacements for expiring Secure Boot certificates** and shipped the Windows 10 **KB5075912** Extended Security Update (ESU) for eligible systems (e.g., Windows 10 Enterprise LTSC and ESU-enrolled devices), updating builds to **19045.6937** (Windows 10) and **19044.6937** (LTSC 2021). In addition to security fixes, KB5075912 includes reliability remediation for an issue where some **Secure Launch-capable** PCs with **VSM** enabled could not shut down or hibernate after January 2026 security updates. Adobe published **nine security bulletins** covering **44 CVEs** across products including *After Effects, Audition, InDesign, Adobe Bridge, Lightroom Classic,* and multiple *Substance 3D* applications, with several issues rated **Critical** and potentially leading to **code execution** (notably in *After Effects* and *Substance 3D Stager*). Adobe stated that, at release time, none of the addressed vulnerabilities were listed as publicly known or under active attack, contrasting with Microsoft’s disclosure of in-the-wild exploitation for multiple zero-days in the same Patch Tuesday cycle.

1 month ago