Microsoft February 2026 Patch Tuesday Report: Addressing Vulnerabilities and Enhancements
This month, Microsoft unveiled its February 2026 Patch Tuesday updates, addressing a total of 58 vulnerabilities, including six classified as zero-days under active exploitation and three publicly disclosed.
Five vulnerabilities carry a “Critical” rating, including three related to elevation of privileges and two linked to information disclosure.
Vulnerabilities addressed include:
- 25 Elevation of Privilege flaws
- 5 Security Feature Bypass issues
- 12 Remote Code Execution weaknesses
- 6 Information Disclosure problems
- 3 Denial of Service vulnerabilities
- 7 Spoofing vulnerabilities
This report discusses flaws remedied by Microsoft in February, excluding three fixes for the Microsoft Edge browser released earlier in the month.
Additionally, Microsoft is rolling out new Secure Boot certificates to replace older ones from 2011 set to expire in June 2026, enhancing security for eligible devices.
Understanding the Zero-Day Vulnerabilities
The February Patch Tuesday introduces six actively exploited zero-days:
-
CVE-2026-21510 – A security feature bypass vulnerability in Windows Shell that requires user interaction to be exploited.
-
CVE-2026-21513 – A flaw in the MSHTML Framework that allows an unauthorized attacker to bypass security features over a network.
-
CVE-2026-21514 – A vulnerability in Microsoft Word that could be exploited via a malicious Office file.
-
CVE-2026-21519 – A flaw in the Desktop Window Manager that may grant attackers SYSTEM privileges.
-
CVE-2026-21525 – A Denial of Service flaw in Windows Remote Access Connection Manager, potentially causing a local denial of service.
-
CVE-2026-21533 – This relates to Windows Remote Desktop Services, allowing local privilege escalation.
CVE-2026-21513, CVE-2026-21510, and CVE-2026-21514 have been publicly disclosed.
Recent Updates from Other Vendors
Other tech companies have also announced security patches and advisories in February 2026. Additionally, Microsoft has begun rolling out built-in Sysmon functionality within Windows 11 insider builds, beneficial for system administrators.
Summary of February 2026 Patch Tuesday Updates
For a complete view of all vulnerabilities addressed in this month’s update, it is advisable to explore the official Microsoft report.
Key Takeaways
- Microsoft addressed 58 vulnerabilities in the February 2026 Patch Tuesday updates.
- Six zero-day vulnerabilities under active exploitation have been patched.
- Multiple “Critical” vulnerabilities highlight the need for prompt updates.
- New Secure Boot certificates are being rolled out for enhanced device security.
- Regular updates from Microsoft and other vendors are crucial for maintaining security.
This information underscores the importance of keeping software up to date to protect against potential exploits and security breaches.