Microsoft Patch Tuesday February 2026

11 Feb 2026

The February edition of Microsoft Patch Tuesday has been released. The update addresses 58+ flaws, out of which 6 are actively exploited zero-day vulnerabilities, out of which 3 are publicly disclosed.

 

The vulnerabilities were patched, which are leveraged by attackers to carry out attacks:

Number 

Type of vulnerabilities 

25 

Privilege elevation 

5 

Security feature bypass 

12 

Remote code execution 

6 

Information disclosure 

3 

Denial of service 

7 

Spoofing 

 

6 actively exploited zero-day vulnerabilities addressed

CVE-2026-21510 (CVSS – 8.8)

Security Feature Bypass vulnerability – Windows Shell

 

This zero-day vulnerability is actively exploited by attackers, allowing execution of tailored malicious attacker-controlled contents without issuing any warning to the user or needing consent by bypassing the Windows SmartScreen and Windows Shell security prompts.

 

They could also enable attackers to bypass the Mark of the Web (MoTW) security warnings feature that marks files downloaded from the internet as potentially unsafe. 

 

A successful exploit requires users to open malicious links or shortcut files specially crafted by attackers.

 

CVE-2026-21513 (CVSS 8.8)

The actively exploited zero-day vulnerability impacts the MSHTML framework. The MSHTML(also known as Trident) is a browser engine for the Windows version of Internet Explorer. By exploiting the vulnerability, an attacker can bypass the security features on Internet Explorer to execute malicious code on their systems. Attackers can exploit this vulnerability by tricking users into opening HTML files or shortcut links (.lnk) delivered as an email attachment or download.

 

CVE-2026-21514 (CVSS 7.8 )

Security Feature Bypass vulnerability – Microsoft Word

 

This actively exploited zero-day vulnerability affects Microsoft Office Word. By exploiting the vulnerability, an attacker can bypass security features/OLE mitigations to execute malicious codes/objects, deliver malware, and gain initial access.

 

OLE (Object Linking and Embedding) is a Microsoft technology that allows integration of objects like texts, images, charts, and Excel spreadsheets across different applications in a single file.

 

CVE-2026-21519 (CVSS 7.8)

Elevation of privileges – Windows manager

 

This actively exploited zero-day vulnerability in the Desktop Window Manager allows locally authenticated attackers to gain SYSTEM-level privileged access. Attackers could use this access to disrupt operations, take control of systems, and steal information.

 

The Desktop Window Manager is a Windows component that allows users to organize windows on their screens.

 

Microsoft has patched the vulnerability through this update.

 

CVE-2026-21525

Denial of Service vulnerability – Windows Remote Access Connection Manager

 

Microsoft has addressed an actively exploited vulnerability in Windows Remote Access Connection Manager, a service used to enable access to network resources and applications remotely. It is used to manage secure connections to remote servers using VPN and dial-up. By exploiting this vulnerability, attackers can orchestrate denial-of-service attacks.

 

CVE-2026-21533

Elevation of privilege vulnerability – Windows Remote Desktop services

 

The actively exploited vulnerability in the Windows Remote Desktop service allows threat actors to add new users to the Administrator group by elevating privileges locally. The Windows Remote Desktop Service is a Microsoft technology that enables users to connect and control systems or virtual machines over a network.

All the vulnerabilities addressed

The following is a complete list of vulnerabilities addressed in the February 2026 Patch Tuesday update:

Component 

CVE ID 

CVE Title 

Severity 

.NET 

CVE-2026-21218 

.NET Spoofing Vulnerability 

Important 

Azure Arc 

CVE-2026-24302 

Azure Arc Elevation of Privilege Vulnerability 

Critical 

Azure Compute Gallery 

CVE-2026-23655 

Microsoft ACI Confidential Containers Information Disclosure Vulnerability 

Critical 

Azure Compute Gallery 

CVE-2026-21522 

Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability 

Critical 

Azure DevOps Server 

CVE-2026-21512 

Azure DevOps Server Cross-Site Scripting Vulnerability 

Important 

Azure Front Door (AFD) 

CVE-2026-24300 

Azure Front Door Elevation of Privilege Vulnerability 

Critical 

Azure Function 

CVE-2026-21532 

Azure Function Information Disclosure Vulnerability 

Critical 

Azure HDInsights 

CVE-2026-21529 

Azure HDInsight Spoofing Vulnerability 

Important 

Azure IoT SDK 

CVE-2026-21528 

Azure IoT Explorer Information Disclosure Vulnerability 

Important 

Azure Local 

CVE-2026-21228 

Azure Local Remote Code Execution Vulnerability 

Important 

Azure SDK 

CVE-2026-21531 

Azure SDK for Python Remote Code Execution Vulnerability 

Important 

Desktop Window Manager 

CVE-2026-21519 

Desktop Window Manager Elevation of Privilege Vulnerability 

Important 

Github Copilot 

CVE-2026-21516 

GitHub Copilot for Jetbrains Remote Code Execution Vulnerability 

Important 

GitHub Copilot and Visual Studio 

CVE-2026-21523 

GitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability 

Important 

GitHub Copilot and Visual Studio 

CVE-2026-21256 

GitHub Copilot and Visual Studio Remote Code Execution Vulnerability 

Important 

GitHub Copilot and Visual Studio 

CVE-2026-21257 

GitHub Copilot and Visual Studio Elevation of Privilege Vulnerability 

Important 

GitHub Copilot and Visual Studio Code 

CVE-2026-21518 

GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability 

Important 

Mailslot File System 

CVE-2026-21253 

Mailslot File System Elevation of Privilege Vulnerability 

Important 

Microsoft Defender for Linux 

CVE-2026-21537 

Microsoft Defender for Endpoint Linux Extension Remote Code Execution Vulnerability 

Important 

Microsoft Edge (Chromium-based) 

CVE-2026-1861 

Chromium: CVE-2026-1861 Heap buffer overflow in libvpx 

Unknown 

Microsoft Edge (Chromium-based) 

CVE-2026-1862 

Chromium: CVE-2026-1862 Type Confusion in V8 

Unknown 

Microsoft Edge for Android 

CVE-2026-0391 

Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability 

Moderate 

Microsoft Exchange Server 

CVE-2026-21527 

Microsoft Exchange Server Spoofing Vulnerability 

Important 

Microsoft Graphics Component 

CVE-2026-21246 

Windows Graphics Component Elevation of Privilege Vulnerability 

Important 

Microsoft Graphics Component 

CVE-2026-21235 

Windows Graphics Component Elevation of Privilege Vulnerability 

Important 

Microsoft Office Excel 

CVE-2026-21261 

Microsoft Excel Information Disclosure Vulnerability 

Important 

Microsoft Office Excel 

CVE-2026-21258 

Microsoft Excel Information Disclosure Vulnerability 

Important 

Microsoft Office Excel 

CVE-2026-21259 

Microsoft Excel Elevation of Privilege Vulnerability 

Important 

Microsoft Office Outlook 

CVE-2026-21260 

Microsoft Outlook Spoofing Vulnerability 

Important 

Microsoft Office Outlook 

CVE-2026-21511 

Microsoft Outlook Spoofing Vulnerability 

Important 

Microsoft Office Word 

CVE-2026-21514 

Microsoft Word Security Feature Bypass Vulnerability 

Important 

MSHTML Framework 

CVE-2026-21513 

MSHTML Framework Security Feature Bypass Vulnerability 

Important 

Power BI 

CVE-2026-21229 

Power BI Remote Code Execution Vulnerability 

Important 

Role: Windows Hyper-V 

CVE-2026-21244 

Windows Hyper-V Remote Code Execution Vulnerability 

Important 

Role: Windows Hyper-V 

CVE-2026-21255 

Windows Hyper-V Security Feature Bypass Vulnerability 

Important 

Role: Windows Hyper-V 

CVE-2026-21248 

Windows Hyper-V Remote Code Execution Vulnerability 

Important 

Role: Windows Hyper-V 

CVE-2026-21247 

Windows Hyper-V Remote Code Execution Vulnerability 

Important 

Windows Ancillary Function Driver for WinSock 

CVE-2026-21236 

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability 

Important 

Windows Ancillary Function Driver for WinSock 

CVE-2026-21241 

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability 

Important 

Windows Ancillary Function Driver for WinSock 

CVE-2026-21238 

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability 

Important 

Windows App for Mac 

CVE-2026-21517 

Windows App for Mac Installer Elevation of Privilege Vulnerability 

Important 

Windows Cluster Client Failover 

CVE-2026-21251 

Cluster Client Failover (CCF) Elevation of Privilege Vulnerability 

Important 

Windows Connected Devices Platform Service 

CVE-2026-21234 

Windows Connected Devices Platform Service Elevation of Privilege Vulnerability 

Important 

Windows GDI+ 

CVE-2026-20846 

GDI+ Denial of Service Vulnerability 

Important 

Windows HTTP.sys 

CVE-2026-21240 

Windows HTTP.sys Elevation of Privilege Vulnerability 

Important 

Windows HTTP.sys 

CVE-2026-21250 

Windows HTTP.sys Elevation of Privilege Vulnerability 

Important 

Windows HTTP.sys 

CVE-2026-21232 

Windows HTTP.sys Elevation of Privilege Vulnerability 

Important 

Windows Kernel 

CVE-2026-21231 

Windows Kernel Elevation of Privilege Vulnerability 

Important 

Windows Kernel 

CVE-2026-21222 

Windows Kernel Information Disclosure Vulnerability 

Important 

Windows Kernel 

CVE-2026-21239 

Windows Kernel Elevation of Privilege Vulnerability 

Important 

Windows Kernel 

CVE-2026-21245 

Windows Kernel Elevation of Privilege Vulnerability 

Important 

Windows LDAP – Lightweight Directory Access Protocol 

CVE-2026-21243 

Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability 

Important 

Windows Notepad App 

CVE-2026-20841 

Windows Notepad App Remote Code Execution Vulnerability 

Important 

Windows NTLM 

CVE-2026-21249 

Windows NTLM Spoofing Vulnerability 

Important 

Windows Remote Access Connection Manager 

CVE-2026-21525 

Windows Remote Access Connection Manager Denial of Service Vulnerability 

Moderate 

Windows Remote Desktop 

CVE-2026-21533 

Windows Remote Desktop Services Elevation of Privilege Vulnerability 

Important 

Windows Shell 

CVE-2026-21510 

Windows Shell Security Feature Bypass Vulnerability 

Important 

Windows Storage 

CVE-2026-21508 

Windows Storage Elevation of Privilege Vulnerability 

Important 

Windows Subsystem for Linux 

CVE-2026-21237 

Windows Subsystem for Linux Elevation of Privilege Vulnerability 

Important 

Windows Subsystem for Linux 

CVE-2026-21242 

Windows Subsystem for Linux Elevation of Privilege Vulnerability 

Important 

Windows Win32K – GRFX 

CVE-2023-2804 

Red Hat, Inc. CVE-2023-2804: Heap Based Overflow libjpeg-turbo 

Important 

SharkStriker’s recommendations

SharkStriker’s SOC team has already flagged the zero-day CVEs for prioritized remediation and is continuously monitoring the environment for indicators of privilege escalation.

 

The following are some of the security recommendations:

 

  • Immediately apply February 2026 Patch Tuesday updates across all Microsoft products.
  • Prioritize patching the 6 actively exploited zero-days, especially CVE-2026-21510, CVE-2026-21514, and CVE-2026-21519.
  • Avoid opening suspicious links, shortcuts, or malicious Office documents.
  • Enforce MFA for all accounts, particularly privileged and Azure-related.
  • Monitor for signs of exploitation, such as unusual privilege escalations, process creations, or bypass attempts.
  • Patch Windows 10 ESU / LTSC systems and legacy versions without delay.
  • Review Azure configurations for confidential computing workloads.

Microsoft Patch Tuesday March 2026

The first Microsoft Patch Tuesday of the year addresses over 79+, including 2 zero-day vulnerabilities. Organizations are recommended to immediately patch systems to prevent threat exposure.

Read Now