February 2026 Patch Tuesday Security Updates for Microsoft Windows and Adobe Products
Microsoft and Adobe released their February 2026 Patch Tuesday security updates, with Microsoft addressing 58 vulnerabilities and reporting six actively exploited zero-day flaws as part of the month’s fixes. Microsoft also continued its rollout of replacements for expiring Secure Boot certificates and shipped the Windows 10 KB5075912 Extended Security Update (ESU) for eligible systems (e.g., Windows 10 Enterprise LTSC and ESU-enrolled devices), updating builds to 19045.6937 (Windows 10) and 19044.6937 (LTSC 2021). In addition to security fixes, KB5075912 includes reliability remediation for an issue where some Secure Launch-capable PCs with VSM enabled could not shut down or hibernate after January 2026 security updates.
Adobe published nine security bulletins covering 44 CVEs across products including After Effects, Audition, InDesign, Adobe Bridge, Lightroom Classic, and multiple Substance 3D applications, with several issues rated Critical and potentially leading to code execution (notably in After Effects and Substance 3D Stager). Adobe stated that, at release time, none of the addressed vulnerabilities were listed as publicly known or under active attack, contrasting with Microsoft’s disclosure of in-the-wild exploitation for multiple zero-days in the same Patch Tuesday cycle.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
5 events from the most recent confirmed update back to the earliest known activity.
Microsoft continues phased rollout of new Secure Boot certificates
Microsoft said it was continuing a phased deployment of replacement Secure Boot certificates ahead of the June 2026 expiration of 2011-era certificates. The rollout uses targeting data to send the certificates only to devices showing sufficient successful update signals.
Microsoft releases Windows 10 ESU update KB5075912
Microsoft released Windows 10 KB5075912 as the February 2026 Extended Security Update for Windows 10 Enterprise LTSC and systems enrolled in the ESU program, updating supported systems to builds 19045.6937 and 19044.6937. The update included the broader Patch Tuesday security fixes, including six actively exploited zero-days, plus fixes for shutdown, File Explorer, and GPU-related issues.
Microsoft discloses six actively exploited zero-days in February Patch Tuesday
At release, Microsoft reported that six vulnerabilities fixed in the February 2026 updates were being exploited in the wild, with three also publicly known. The exploited issues included SmartScreen, Windows Shell, Word, Internet Explorer-related, elevation-of-privilege, and Remote Access Connection Manager flaws.
Microsoft issues February 2026 Patch Tuesday fixes for 58 CVEs
Microsoft released its February 2026 Patch Tuesday security updates covering 58 new CVEs, or 62 including third-party and Chromium items, across Windows, Office, Azure, Edge, .NET/Visual Studio, Exchange, Hyper-V, WSL, and other components. Five of the flaws were rated Critical.
Adobe releases February 2026 security updates for 44 CVEs
Adobe published nine security bulletins covering 44 CVEs across Creative Cloud products and related components, including Critical code-execution flaws in several products. Adobe said none of the vulnerabilities were publicly known or under active attack at release time, and assigned all updates deployment priority 3.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Microsoft February Patch Tuesday Fixes Six Zero-Day Vulnerabilities and Rolls Out New Secure Boot Certificates
Microsoft released its **February 2026 Patch Tuesday** security updates, addressing **54–58 vulnerabilities** across Windows and other Microsoft products, including **six zero-days** that were **publicly disclosed and/or actively exploited** prior to patch availability. Reported zero-days include `CVE-2026-21514` (Office Word security feature bypass), `CVE-2026-21513` (MSHTML security feature bypass), `CVE-2026-21510` (Windows Shell security feature bypass), `CVE-2026-21533` (Windows Remote Desktop Services elevation of privilege), `CVE-2026-21525` (Windows Remote Access Connection Manager DoS), and `CVE-2026-21519` (Desktop Window Manager elevation of privilege). The broader release spans common bug classes such as **RCE**, **EoP**, **information disclosure**, **spoofing**, **DoS**, and **security feature bypass**, with multiple **Critical** issues also called out, including Azure Compute Gallery flaws impacting *ACI Confidential Containers* (`CVE-2026-23655`, `CVE-2026-21522`). As part of the February Windows updates, Microsoft also began a **phased rollout of updated Secure Boot certificates** to replace the original **2011 certificates** ahead of their expiration in **late June 2026**, using “targeting data” and “successful update signals” to control deployment. Windows 11 cumulative updates (including **KB5077181** and **KB5075941**) were released as mandatory Patch Tuesday packages for supported Windows 11 versions, bundling the security fixes alongside additional reliability and feature changes. Separately, Adobe issued February security bulletins covering **44 CVEs** across multiple Creative Cloud products; those Adobe issues were not listed as publicly known or under active attack at release.
Mar 21, 2026
February Patch Releases Address Actively Exploited Windows Zero-Days and High-Severity Chrome Vulnerabilities
A broad set of February security updates shipped across major vendors, led by **Microsoft** releasing fixes for **59 Windows flaws**, including **six actively exploited zero-days** affecting multiple Windows components with impacts spanning security feature bypass, privilege escalation, and denial-of-service. **Adobe** also issued updates across creative products (e.g., *Audition*, *After Effects*, *InDesign*, *Lightroom Classic*), stating it is not aware of in-the-wild exploitation of the addressed issues. **SAP** published fixes for two critical vulnerabilities: `CVE-2026-0488` (CVSS 9.9), a code/SQL injection issue in SAP CRM and SAP S/4HANA that could enable arbitrary SQL execution and full database compromise, and `CVE-2026-0509` (CVSS 9.6), a missing authorization check in SAP NetWeaver AS ABAP/ABAP Platform that could allow low-privileged users to perform background RFC actions without required `S_RFC` authorization (mitigations include a kernel update and profile parameter changes). Separately, **Google/Chromium** released **Chrome/Chromium 144** updates addressing **11 CVEs** including high-severity issues in **V8** and **Blink** (notably `CVE-2026-1220`, a V8 race condition), with no confirmed public reporting of active exploitation for those Chrome bugs at the time of publication; **Intel and Google** also reported multiple vulnerabilities in **Intel TDX 1.5** (including `CVE-2025-32007`, `CVE-2025-27940`, `CVE-2025-30513`, `CVE-2025-27572`, `CVE-2025-32467`).
Mar 21, 2026
October 2025 Patch Tuesday Security Updates from Microsoft, Adobe, SAP, and Ivanti
Microsoft, Adobe, SAP, and Ivanti released a coordinated set of security updates addressing over 200 vulnerabilities as part of the October 2025 Patch Tuesday. Microsoft led the effort by patching more than 175 vulnerabilities, including three that are actively being exploited in the wild. Among the most severe issues is a critical remote code execution vulnerability in Windows Server Update Services, identified as CVE-2025-59287, which could allow unauthenticated attackers to execute arbitrary code via unsafe object deserialization. Two other exploited vulnerabilities, CVE-2025-24990 and CVE-2025-59230, are elevation-of-privilege flaws affecting Windows components. Additionally, Microsoft addressed a Secure Boot bypass vulnerability in Linux-based IGEL OS (CVE-2025-47827) and disclosed several publicly known issues, such as CVE-2025-0033 in AMD EPYC processors, which remains unpatched, as well as flaws in TPM 2.0 reference code and the Agere Modem driver. Seventeen of Microsoft’s patched vulnerabilities were rated as critical, underscoring the urgency for organizations to apply updates. Adobe released 12 security bulletins covering 36 unique CVEs across a range of products, including Connect, Commerce, Creative Cloud Desktop, Bridge, Animate, Experience Manager Screens, Substance 3D Viewer, Substance 3D Modeler, FrameMaker, Illustrator, Dimension, and Substance 3D Stager. The most critical Adobe updates addressed five code execution vulnerabilities in Substance 3D Stager and four in Dimension. Illustrator’s patch fixed two code execution bugs, while Commerce’s update resolved five CVEs, including two security feature bypasses. FrameMaker’s update addressed two critical code execution vulnerabilities. Other Adobe products, such as Animate and Substance 3D Viewer, also received patches for critical issues. Notably, none of the Adobe vulnerabilities were publicly known or under active attack at the time of release. SAP contributed by issuing 17 security notes, with four addressing critical command execution vulnerabilities in NetWeaver. Ivanti released patches for Endpoint Manager Mobile and Neurons for MDM, though none of these vulnerabilities had been exploited prior to the update. Security teams are strongly advised to prioritize the deployment of these patches to mitigate the risk of exploitation, especially for those vulnerabilities already being targeted by threat actors. The breadth of affected products highlights the ongoing need for comprehensive patch management across diverse enterprise environments. The updates reflect a continued trend of attackers focusing on privilege escalation and remote code execution flaws, which can have significant impact if left unaddressed. Organizations should also be aware of the unpatched AMD EPYC processor vulnerability and monitor for future updates. The coordinated release of these patches demonstrates the industry’s commitment to addressing security risks in a timely manner. Regular review of vendor advisories and prompt application of updates remain critical components of an effective cybersecurity strategy. The October 2025 Patch Tuesday serves as a reminder of the evolving threat landscape and the importance of maintaining up-to-date defenses. Security professionals should review the detailed advisories for each product to ensure all relevant patches are applied. The inclusion of both actively exploited and critical vulnerabilities in this cycle underscores the need for vigilance and rapid response. By addressing these vulnerabilities, organizations can significantly reduce their exposure to cyber threats.
Mar 21, 2026