
Microsoft February Patch Tuesday Fixes Six Zero-Day Vulnerabilities and Rolls Out New Secure Boot Certificates

Updated 3mo ago. First seen Feb 10, 2026. 11 sources.

Microsoft released its February 2026 Patch Tuesday security updates, addressing 54–58 vulnerabilities across Windows and other Microsoft products, including six zero-days that were publicly disclosed and/or actively exploited prior to patch availability. Reported zero-days include CVE-2026-21514 (Office Word security feature bypass), CVE-2026-21513 (MSHTML security feature bypass), CVE-2026-21510 (Windows Shell security feature bypass), CVE-2026-21533 (Windows Remote Desktop Services elevation of privilege), CVE-2026-21525 (Windows Remote Access Connection Manager DoS), and CVE-2026-21519 (Desktop Window Manager elevation of privilege). The broader release spans common bug classes such as RCE, EoP, information disclosure, spoofing, DoS, and security feature bypass, with multiple Critical issues also called out, including Azure Compute Gallery flaws impacting ACI Confidential Containers (CVE-2026-23655, CVE-2026-21522).

As part of the February Windows updates, Microsoft also began a phased rollout of updated Secure Boot certificates to replace the original 2011 certificates ahead of their expiration in late June 2026, using “targeting data” and “successful update signals” to control deployment. Windows 11 cumulative updates (including KB5077181 and KB5075941) were released as mandatory Patch Tuesday packages for supported Windows 11 versions, bundling the security fixes alongside additional reliability and feature changes. Separately, Adobe issued February security bulletins covering 44 CVEs across multiple Creative Cloud products; those Adobe issues were not listed as publicly known or under active attack at release.
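A host-side verification a defender would run after this release, written for this page and not taken from Microsoft or the advisory: it checks whether one of the two Windows 11 cumulative updates named above is installed and whether the replacement Secure Boot certificate has reached the UEFI signature database. The certificate names are assumptions not stated on the page: "Windows UEFI CA 2023" is the replacement Windows signing CA Microsoft is rolling out, and "Microsoft Windows Production PCA 2011" is the original 2011 CA it replaces.

```powershell
# Added audit example (not from the page or Microsoft). Run in an elevated
# PowerShell session on the Windows 11 host being checked.
# Assumed: KB numbers come from the advisory; the CA names below are the
# replacement (2023) and original (2011) Windows Secure Boot signing CAs.

$FebruaryKbs = @('KB5077181', 'KB5075941')   # 25H2/24H2 and 23H2 packages

function Test-FebruaryCumulativeUpdate {
    param([string[]]$KbIds = $FebruaryKbs)
    # Get-HotFix lists installed Windows updates by KB id.
    $installed = Get-HotFix | Where-Object { $KbIds -contains $_.HotFixID }
    [pscustomobject]@{
        Check     = 'February 2026 cumulative update'
        Installed = [bool]$installed
        Detail    = if ($installed) { $installed.HotFixID -join ', ' }
                    else { 'none of ' + ($KbIds -join ', ') + ' found' }
    }
}

function Test-SecureBoot2023Certificate {
    try {
        $enabled = Confirm-SecureBootUEFI
    } catch {
        # Thrown on legacy BIOS or when the platform does not expose Secure Boot.
        $enabled = $false
    }
    if (-not $enabled) {
        return [pscustomobject]@{ Check = 'Secure Boot db'; Installed = $false
                                  Detail = 'Secure Boot disabled or unsupported' }
    }
    # db is the UEFI allowed-signers database; certificate subject names are
    # readable as ASCII inside the raw variable bytes, so a substring match
    # is enough to tell whether each CA is present.
    $dbText  = [System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI -Name db).Bytes)
    $has2023 = $dbText -match 'Windows UEFI CA 2023'
    $has2011 = $dbText -match 'Microsoft Windows Production PCA 2011'
    [pscustomobject]@{
        Check     = 'Secure Boot db'
        Installed = $has2023
        Detail    = "2023 CA present: $has2023; 2011 CA present: $has2011"
    }
}

Test-FebruaryCumulativeUpdate
Test-SecureBoot2023Certificate
```

A host that reports the update installed but no 2023 CA in db is in the phased-rollout window described above; the 2011 CA remaining present alongside the 2023 CA is expected until the old certificates expire.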


How this story unfolded

7 events from the most recent confirmed update back to the earliest known activity.
Feb 10, 2026

Cisco Talos publishes Snort coverage for February Microsoft flaws

Cisco Talos announced updated Snort rules to help detect exploitation attempts related to some of the vulnerabilities addressed in Microsoft's February 2026 Patch Tuesday release. The guidance accompanied Talos' review of the month's prominent Microsoft vulnerabilities.

Canadian Centre for Cyber Security issues February Microsoft advisory

On 2026-02-10, the Canadian Centre for Cyber Security published advisory AV26-111 summarizing Microsoft's February security updates. The advisory highlighted the six actively exploited CVEs and urged administrators to review Microsoft's guidance and apply the updates.

CISA adds the six exploited Microsoft flaws to the KEV catalog

Following Microsoft's February 2026 Patch Tuesday release, CISA added all six actively exploited zero-day vulnerabilities to its Known Exploited Vulnerabilities catalog. This elevated the urgency for federal agencies and other defenders to prioritize remediation.

Windows 11 cumulative updates KB5077181 and KB5075941 released

On 2026-02-10, Microsoft released mandatory Windows 11 cumulative updates KB5077181 and KB5075941 for versions 25H2/24H2 and 23H2. The updates delivered the February security fixes along with quality improvements and new features, and Microsoft said it was not aware of new issues at release.

Microsoft begins phased rollout of updated Secure Boot certificates

As part of the February 2026 updates, Microsoft started a phased deployment of updated Secure Boot certificates to replace expiring 2011 certificates. The rollout used device targeting data and successful-update signals to control deployment.

Microsoft patches six actively exploited zero-days

The February 2026 Patch Tuesday release fixed six zero-day vulnerabilities that Microsoft said were actively exploited in the wild, including flaws in Windows Shell/SmartScreen, MSHTML, Microsoft Word, Desktop Window Manager, Remote Desktop Services, and Remote Access Connection Manager. Three of the zero-days were also publicly disclosed before patches became available.

Microsoft releases February 2026 Patch Tuesday fixes

On 2026-02-10, Microsoft published its February 2026 Patch Tuesday security updates, addressing roughly 54-59 vulnerabilities across Windows, Office, Azure, Exchange, developer tools, and other products. The release included multiple critical issues and required customer action to apply the fixes.
