Microsoft February 2026 Patch Tuesday fixes 6 zero-days, 58 flaws

Gandalf_The_Grey

Today is Microsoft's February 2026 Patch Tuesday with security updates for 58 flaws, including 6 actively exploited and three publicly disclosed zero-day vulnerabilities.

This Patch Tuesday also addresses five "Critical" vulnerabilities, 3 of which are elevation of privilege flaws and 2 of which are information disclosure flaws.

The number of bugs in each vulnerability category is listed below:
  • 25 Elevation of Privilege vulnerabilities
  • 5 Security Feature Bypass vulnerabilities
  • 12 Remote Code Execution vulnerabilities
  • 6 Information Disclosure vulnerabilities
  • 3 Denial of Service vulnerabilities
  • 7 Spoofing vulnerabilities
When BleepingComputer reports on Patch Tuesday security updates, we only count those released by Microsoft today. Therefore, the number of flaws does not include 3 Microsoft Edge flaws fixed earlier this month.
 
ZDI: The February 2026 Security Update Review
I have survived the biggest Pwn2Own ever, but I’m back in Tokyo for the second Patch Tuesday of 2026. My location never stops Patch Tuesday from coming, so let’s take a look at the latest security patches from Adobe and Microsoft. If you’d rather watch the full video recap covering the entire release, you can check out the Patch Report webcast on our YouTube channel. It should be posted within a couple of hours after the release.
Adobe Patches for February 2026

For February, Adobe released nine bulletins addressing 44 unique CVEs in Adobe Audition, After Effects, InDesign, Substance 3D Designer, Substance 3D Stager, Adobe Bridge, Substance 3D Modeler, Lightroom Classic, and the Adobe DNG Software Development Kit (SDK). The largest update here is for After Effects, which fixes 13 Critical and two Important rated bugs. The patch for Substance 3D Designer is on the larger side with seven fixes, but only two of those are Critical. On the other hand, the fix for Substance 3D Stager corrects five Critical-rated bugs that could lead to code execution. The Audition patch fixes six bugs, but only one is Critical.

The other patches are smaller in size. The fix for the Adobe DNG Software Development Kit (SDK) corrects two Critical and two Important-rated bugs. The InDesign patch fixes three bugs, but only one is Critical. The update for Adobe Bridge fixes two Critical bugs that could lead to code execution. The patch for Lightroom Classic addresses a single Critical bug, and the release is wrapped up with a patch for Substance 3D Modeler that fixes a single, Important-rated memory leak.

None of the bugs fixed by Adobe this month are listed as publicly known or under active attack at the time of release, and all of the updates released by Adobe this month are listed as deployment priority 3.
Microsoft Patches for February 2026

This month, Microsoft drops 58 new CVEs in Windows and Windows components, Office and Office Components, Azure, Microsoft Edge (Chromium-based), .NET and Visual Studio, GitHub Copilot, Mailslot FS, Exchange Server, Internet Explorer (!), Power BI, Hyper-V Server, and the Windows Subsystem for Linux. Counting the third-party and Chromium updates listed in the release, it brings the total number of CVEs to 62. One of the bugs in the Windows Graphics component was submitted through the ZDI program. Five of these bugs are rated Critical, two are rated Moderate, and the rest are rated Important in severity.

It’s typical to see this number of CVEs released in February, but the number of bugs under active attack is extraordinarily high. Microsoft lists six bugs being exploited at the time of release, with three of these listed as publicly known. Last month only had a single bug being exploited, although there were twice as many CVEs patched. We’ll see if we’re on our way to another “hot exploit summer” as we saw a few years ago or if this is just an aberration.
Looking Ahead

I plan on being back home for the March release but wherever I’m at, you can rest assured that March 10, I’ll be here to provide my assessment of the release. Until then, stay safe, happy patching, and may all your reboots be smooth and clean!
 
Six Zero-Days in the Wild: The February 2026 Windows Patch Tuesday Breakdown
If January was the warm-up, February is the sprint.

Microsoft’s second Patch Tuesday of 2026 has arrived with significant urgency, addressing 59 vulnerabilities in total. While the total count is manageable, the severity is high, as it contains six zero-day vulnerabilities that are currently being exploited in the wild.

Here is the breakdown of what you need to know, what to patch first, and what might break.

The February 2026 Patch Day overview

Executive Summary
  • Release Date: February 10, 2026
  • Total Vulnerabilities: 59
  • Critical Vulnerabilities: 5
  • Zero-Days (Actively Exploited): 6 (Windows Shell, MSHTML, Word, DWM, RDP, Remote Access Connection Manager)
  • Key Action Item: Administrators must prioritize workstation patching immediately due to three “one-click” security bypasses (Shell, MSHTML, Word) that allow code execution without user confirmation. Simultaneously, restrict and patch RDP servers to prevent the active SYSTEM-level escalation exploit (CVE-2026-21533).
Important Patches
  • CVE-2026-21510 — Windows Shell Security Feature Bypass Vulnerability
  • CVE-2026-21513 — MSHTML Platform Security Feature Bypass Vulnerability
  • CVE-2026-21514 — Microsoft Office Word Security Feature Bypass Vulnerability
  • CVE-2026-21519 — Desktop Window Manager Elevation of Privilege Vulnerability
  • CVE-2026-21533 — Windows Remote Desktop Services Elevation of Privilege Vulnerability