6 Actively Exploited Zero-Days Patched by Microsoft With February 2026 Updates

Microsoft’s Patch Tuesday updates fix roughly 60 vulnerabilities found in the company’s products.

By Eduard Kovacs | February 10, 2026 (2:29 PM ET)

Microsoft’s February 2026 Patch Tuesday updates fix roughly 60 vulnerabilities found in the company’s products, including six actively exploited zero-days.

The zero-days are:

CVE-2026-21510: a Windows SmartScreen and Windows Shell security prompts bypass that can be exploited by convincing the targeted user to open a malicious link or shortcut file.

CVE-2026-21514: a vulnerability that allows an attacker to bypass OLE mitigations in Microsoft 365 and Office by tricking the target into opening a malicious Office file.

CVE-2026-21513: an Internet Explorer issue that allows an attacker to bypass security controls and potentially execute code by convincing the victim to open a malicious HTML or LNK file.

CVE-2026-21519: a Windows Desktop Window Manager flaw that can be exploited by a local attacker for privilege escalation.

CVE-2026-21533: a Windows Remote Desktop Services vulnerability that allows an attacker to escalate privileges to System.

CVE-2026-21525: a Windows Remote Access Connection Manager bug that can be exploited for local DoS attacks.

There appears to be no public information about attacks exploiting these zero-days. However, it’s worth noting that for the discovery of both CVE-2026-21510 and CVE-2026-21514 Microsoft credited Google Threat Intelligence Group (GTIG), its own security teams, and an anonymous researcher. CVE-2026-21513 was discovered by Microsoft and GTIG. This suggests that some of these vulnerabilities may have been exploited by the same threat actors or in the same attacks.
Google has been tracking attacks conducted by commercial spyware vendors, state-sponsored APTs, and profit-driven cybercriminals, but nation-state hackers are often the first to

CVE-2026-21510, CVE-2026-21514 and CVE-2026-21513 are all flagged as ‘publicly disclosed’ in Microsoft’s advisories.

CVE-2026-21519 was discovered by Microsoft’s own researchers. The tech giant has credited the cybersecurity firm CrowdStrike with the discovery of CVE-2026-21533 and Acros Security with CVE-2026-21525.

SecurityWeek has reached out to both Acros and CrowdStrike for information on the attacks exploiting the zero-days and will update this article if they respond.

In addition to Windows and Office, Microsoft has patched vulnerabilities in Azure, Windows Defender, Exchange Server, .NET, GitHub Copilot, Edge, and Power BI.

Written by Eduard Kovacs. Eduard Kovacs (@EduardKovacs) is the managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.