Microsoft Patch Tuesday February 2026
11 Feb 2026
The February edition of Microsoft Patch Tuesday has been released. The update addresses 58+ flaws, out of which 6 are actively exploited zero-day vulnerabilities, out of which 3 are publicly disclosed.
The vulnerabilities were patched, which are leveraged by attackers to carry out attacks:
|
Number |
Type of vulnerabilities |
|
25 |
Privilege elevation |
|
5 |
Security feature bypass |
|
12 |
Remote code execution |
|
6 |
Information disclosure |
|
3 |
Denial of service |
|
7 |
Spoofing |
6 actively exploited zero-day vulnerabilities addressed
CVE-2026-21510 (CVSS – 8.8)
Security Feature Bypass vulnerability – Windows Shell
This zero-day vulnerability is actively exploited by attackers, allowing execution of tailored malicious attacker-controlled contents without issuing any warning to the user or needing consent by bypassing the Windows SmartScreen and Windows Shell security prompts.
They could also enable attackers to bypass the Mark of the Web (MoTW) security warnings feature that marks files downloaded from the internet as potentially unsafe.
A successful exploit requires users to open malicious links or shortcut files specially crafted by attackers.
CVE-2026-21513 (CVSS 8.8)
The actively exploited zero-day vulnerability impacts the MSHTML framework. The MSHTML(also known as Trident) is a browser engine for the Windows version of Internet Explorer. By exploiting the vulnerability, an attacker can bypass the security features on Internet Explorer to execute malicious code on their systems. Attackers can exploit this vulnerability by tricking users into opening HTML files or shortcut links (.lnk) delivered as an email attachment or download.
CVE-2026-21514 (CVSS 7.8 )
Security Feature Bypass vulnerability – Microsoft Word
This actively exploited zero-day vulnerability affects Microsoft Office Word. By exploiting the vulnerability, an attacker can bypass security features/OLE mitigations to execute malicious codes/objects, deliver malware, and gain initial access.
OLE (Object Linking and Embedding) is a Microsoft technology that allows integration of objects like texts, images, charts, and Excel spreadsheets across different applications in a single file.
CVE-2026-21519 (CVSS 7.8)
Elevation of privileges – Windows manager
This actively exploited zero-day vulnerability in the Desktop Window Manager allows locally authenticated attackers to gain SYSTEM-level privileged access. Attackers could use this access to disrupt operations, take control of systems, and steal information.
The Desktop Window Manager is a Windows component that allows users to organize windows on their screens.
Microsoft has patched the vulnerability through this update.
CVE-2026-21525
Denial of Service vulnerability – Windows Remote Access Connection Manager
Microsoft has addressed an actively exploited vulnerability in Windows Remote Access Connection Manager, a service used to enable access to network resources and applications remotely. It is used to manage secure connections to remote servers using VPN and dial-up. By exploiting this vulnerability, attackers can orchestrate denial-of-service attacks.
CVE-2026-21533
Elevation of privilege vulnerability – Windows Remote Desktop services
The actively exploited vulnerability in the Windows Remote Desktop service allows threat actors to add new users to the Administrator group by elevating privileges locally. The Windows Remote Desktop Service is a Microsoft technology that enables users to connect and control systems or virtual machines over a network.
All the vulnerabilities addressed
The following is a complete list of vulnerabilities addressed in the February 2026 Patch Tuesday update:
|
Component |
CVE ID |
CVE Title |
Severity |
|
.NET |
.NET Spoofing Vulnerability |
Important |
|
|
Azure Arc |
Azure Arc Elevation of Privilege Vulnerability |
Critical |
|
|
Azure Compute Gallery |
Microsoft ACI Confidential Containers Information Disclosure Vulnerability |
Critical |
|
|
Azure Compute Gallery |
Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability |
Critical |
|
|
Azure DevOps Server |
Azure DevOps Server Cross-Site Scripting Vulnerability |
Important |
|
|
Azure Front Door (AFD) |
Azure Front Door Elevation of Privilege Vulnerability |
Critical |
|
|
Azure Function |
Azure Function Information Disclosure Vulnerability |
Critical |
|
|
Azure HDInsights |
Azure HDInsight Spoofing Vulnerability |
Important |
|
|
Azure IoT SDK |
Azure IoT Explorer Information Disclosure Vulnerability |
Important |
|
|
Azure Local |
Azure Local Remote Code Execution Vulnerability |
Important |
|
|
Azure SDK |
Azure SDK for Python Remote Code Execution Vulnerability |
Important |
|
|
Desktop Window Manager |
Desktop Window Manager Elevation of Privilege Vulnerability |
Important |
|
|
Github Copilot |
GitHub Copilot for Jetbrains Remote Code Execution Vulnerability |
Important |
|
|
GitHub Copilot and Visual Studio |
GitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability |
Important |
|
|
GitHub Copilot and Visual Studio |
GitHub Copilot and Visual Studio Remote Code Execution Vulnerability |
Important |
|
|
GitHub Copilot and Visual Studio |
GitHub Copilot and Visual Studio Elevation of Privilege Vulnerability |
Important |
|
|
GitHub Copilot and Visual Studio Code |
GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability |
Important |
|
|
Mailslot File System |
Mailslot File System Elevation of Privilege Vulnerability |
Important |
|
|
Microsoft Defender for Linux |
Microsoft Defender for Endpoint Linux Extension Remote Code Execution Vulnerability |
Important |
|
|
Microsoft Edge (Chromium-based) |
Chromium: CVE-2026-1861 Heap buffer overflow in libvpx |
Unknown |
|
|
Microsoft Edge (Chromium-based) |
Chromium: CVE-2026-1862 Type Confusion in V8 |
Unknown |
|
|
Microsoft Edge for Android |
Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability |
Moderate |
|
|
Microsoft Exchange Server |
Microsoft Exchange Server Spoofing Vulnerability |
Important |
|
|
Microsoft Graphics Component |
Windows Graphics Component Elevation of Privilege Vulnerability |
Important |
|
|
Microsoft Graphics Component |
Windows Graphics Component Elevation of Privilege Vulnerability |
Important |
|
|
Microsoft Office Excel |
Microsoft Excel Information Disclosure Vulnerability |
Important |
|
|
Microsoft Office Excel |
Microsoft Excel Information Disclosure Vulnerability |
Important |
|
|
Microsoft Office Excel |
Microsoft Excel Elevation of Privilege Vulnerability |
Important |
|
|
Microsoft Office Outlook |
Microsoft Outlook Spoofing Vulnerability |
Important |
|
|
Microsoft Office Outlook |
Microsoft Outlook Spoofing Vulnerability |
Important |
|
|
Microsoft Office Word |
Microsoft Word Security Feature Bypass Vulnerability |
Important |
|
|
MSHTML Framework |
MSHTML Framework Security Feature Bypass Vulnerability |
Important |
|
|
Power BI |
Power BI Remote Code Execution Vulnerability |
Important |
|
|
Role: Windows Hyper-V |
Windows Hyper-V Remote Code Execution Vulnerability |
Important |
|
|
Role: Windows Hyper-V |
Windows Hyper-V Security Feature Bypass Vulnerability |
Important |
|
|
Role: Windows Hyper-V |
Windows Hyper-V Remote Code Execution Vulnerability |
Important |
|
|
Role: Windows Hyper-V |
Windows Hyper-V Remote Code Execution Vulnerability |
Important |
|
|
Windows Ancillary Function Driver for WinSock |
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
Important |
|
|
Windows Ancillary Function Driver for WinSock |
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
Important |
|
|
Windows Ancillary Function Driver for WinSock |
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
Important |
|
|
Windows App for Mac |
Windows App for Mac Installer Elevation of Privilege Vulnerability |
Important |
|
|
Windows Cluster Client Failover |
Cluster Client Failover (CCF) Elevation of Privilege Vulnerability |
Important |
|
|
Windows Connected Devices Platform Service |
Windows Connected Devices Platform Service Elevation of Privilege Vulnerability |
Important |
|
|
Windows GDI+ |
GDI+ Denial of Service Vulnerability |
Important |
|
|
Windows HTTP.sys |
Windows HTTP.sys Elevation of Privilege Vulnerability |
Important |
|
|
Windows HTTP.sys |
Windows HTTP.sys Elevation of Privilege Vulnerability |
Important |
|
|
Windows HTTP.sys |
Windows HTTP.sys Elevation of Privilege Vulnerability |
Important |
|
|
Windows Kernel |
Windows Kernel Elevation of Privilege Vulnerability |
Important |
|
|
Windows Kernel |
Windows Kernel Information Disclosure Vulnerability |
Important |
|
|
Windows Kernel |
Windows Kernel Elevation of Privilege Vulnerability |
Important |
|
|
Windows Kernel |
Windows Kernel Elevation of Privilege Vulnerability |
Important |
|
|
Windows LDAP – Lightweight Directory Access Protocol |
Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability |
Important |
|
|
Windows Notepad App |
Windows Notepad App Remote Code Execution Vulnerability |
Important |
|
|
Windows NTLM |
Windows NTLM Spoofing Vulnerability |
Important |
|
|
Windows Remote Access Connection Manager |
Windows Remote Access Connection Manager Denial of Service Vulnerability |
Moderate |
|
|
Windows Remote Desktop |
Windows Remote Desktop Services Elevation of Privilege Vulnerability |
Important |
|
|
Windows Shell |
Windows Shell Security Feature Bypass Vulnerability |
Important |
|
|
Windows Storage |
Windows Storage Elevation of Privilege Vulnerability |
Important |
|
|
Windows Subsystem for Linux |
Windows Subsystem for Linux Elevation of Privilege Vulnerability |
Important |
|
|
Windows Subsystem for Linux |
Windows Subsystem for Linux Elevation of Privilege Vulnerability |
Important |
|
|
Windows Win32K – GRFX |
Red Hat, Inc. CVE-2023-2804: Heap Based Overflow libjpeg-turbo |
Important |
SharkStriker’s recommendations
SharkStriker’s SOC team has already flagged the zero-day CVEs for prioritized remediation and is continuously monitoring the environment for indicators of privilege escalation.
The following are some of the security recommendations:
- Immediately apply February 2026 Patch Tuesday updates across all Microsoft products.
- Prioritize patching the 6 actively exploited zero-days, especially CVE-2026-21510, CVE-2026-21514, and CVE-2026-21519.
- Avoid opening suspicious links, shortcuts, or malicious Office documents.
- Enforce MFA for all accounts, particularly privileged and Azure-related.
- Monitor for signs of exploitation, such as unusual privilege escalations, process creations, or bypass attempts.
- Patch Windows 10 ESU / LTSC systems and legacy versions without delay.
- Review Azure configurations for confidential computing workloads.