Microsoft Patch Tuesday security updates for February 2026 fix six actively exploited zero-days

Microsoft Patch Tuesday security updates for February 2026 fix six actively exploited zero-day vulnerabilities.

Microsoft Patch Tuesday security updates for February 2026 fix 58 new security flaws across Windows, Office, Azure, Edge, Exchange, Hyper-V, WSL, and other components, rising to 62 CVEs when third-party updates are included. Five vulnerabilities are Critical, two Moderate, and most are rated Important. What stands out is that six flaws addressed this month are actively exploited in the wild, three of them publicly known.

Below are the six zero-day vulnerabilities addressed by the IT giant:

  • CVE-2026-21510 (CVSS score of 7.5 – High)
    A Windows SmartScreen and Shell prompt bypass that allows attackers to evade security warnings by tricking users into opening a crafted malicious link or shortcut file.
  • CVE-2026-21513 (CVSS score of 8.8 – High)
    An Internet Explorer security control bypass that can lead to code execution when a victim opens a malicious HTML page or LNK file.
  • CVE-2026-21514 (CVSS score of 8.1 – High)
    A Microsoft 365 and Office flaw that bypasses OLE security mitigations, enabling malicious activity when a specially crafted Office document is opened.
  • CVE-2026-21519 (CVSS score of 7.8 – High)
    A Windows Desktop Window Manager vulnerability that enables local privilege escalation and elevated system access.
  • CVE-2026-21525 (CVSS score of 6.5 – Medium)
    A Windows Remote Access Connection Manager bug that can be abused by a local attacker to cause a denial-of-service condition.
  • CVE-2026-21533 (CVSS score of 8.8 – High)
    A Windows Remote Desktop Services vulnerability that allows attackers to escalate privileges to SYSTEM.

Microsoft labeled CVE-2026-21510, CVE-2026-21514 and CVE-2026-21513 as “publicly disclosed”.

Microsoft credited Google Threat Intelligence Group, its internal security teams, and an anonymous researcher for discovering CVE-2026-21510 and CVE-2026-21514, while Microsoft and GTIG reported the vulnerability CVE-2026-21513.

The full list of CVEs addressed by the Microsoft Patch Tuesday security update for February 2026 is available here.

Pierluigi Paganini

(SecurityAffairs – hacking, Patch Tuesday)