Today marks Microsoft’s February 2026 Patch Tuesday. This month, they rolled out fixes for 58 different vulnerabilities, including 6 that are actively being exploited. Among these are three zero-day vulnerabilities that were publicly disclosed.
Overall, five vulnerabilities are classified as “Critical,” with three being elevation of privileges and two related to information disclosure. Here’s a breakdown of the different types of vulnerabilities addressed:
- 25 Elevation of Privilege vulnerabilities
- 5 Security Feature Bypass vulnerabilities
- 12 Remote Code Execution vulnerabilities
- 6 Information Disclosure vulnerabilities
- 3 Denial of Service vulnerabilities
- 7 Spoofing vulnerabilities
Microsoft also started introducing new Secure Boot certificates. These will replace the old certificates set to expire in June 2026. According to Microsoft, the update aims to ensure a smooth and safe rollout by waiting for devices to show they can successfully receive the new certificates.
Six actively exploited vulnerabilities need immediate attention this month. Three of these had been publicly disclosed. These zero-day vulnerabilities pose significant risks as they can be exploited without a fix in place:
- CVE-2026-21510 – Windows Shell Security Bypass
- CVE-2026-21513 – MSHTML Framework Security Bypass
- CVE-2026-21514 – Microsoft Word Security Bypass
This flaw allows attackers to execute malicious content by tricking users into opening links or specially crafted files.
It lets unauthorized users bypass security measures remotely.
This vulnerability involves malicious Office files that exploit users’ permissions when opened.
Experts highlight the importance of regularly updating software to defend against these kinds of exploits. As security threats evolve, keeping systems updated is essential. According to a recent study by the Ponemon Institute, 70% of attacks target known vulnerabilities, emphasizing the need for timely updates.
Other companies also released updates in February, but Microsoft’s latest fixes are particularly critical. For those interested, detailed reports on non-security updates, like Windows 11 KB5077181, are available for review.
In conclusion, staying informed about updates and vulnerabilities is vital in maintaining cybersecurity. Regular updates can significantly reduce the risk of exploitation in any organization. For the full list of resolved vulnerabilities from this Patch Tuesday, view the complete report [here](https://msrc.microsoft.com/update-guide/).
Source link
