
Microsoft February Patch Tuesday Fixes Six Zero-Day Vulnerabilities and Rolls Out New Secure Boot Certificates

Updated March 21, 2026 at 02:35 PM (11 sources)

Microsoft released its February 2026 Patch Tuesday security updates, addressing 54–58 vulnerabilities across Windows and other Microsoft products, including six zero-days that were publicly disclosed and/or actively exploited prior to patch availability. Reported zero-days include CVE-2026-21514 (Office Word security feature bypass), CVE-2026-21513 (MSHTML security feature bypass), CVE-2026-21510 (Windows Shell security feature bypass), CVE-2026-21533 (Windows Remote Desktop Services elevation of privilege), CVE-2026-21525 (Windows Remote Access Connection Manager DoS), and CVE-2026-21519 (Desktop Window Manager elevation of privilege). The broader release spans common bug classes such as RCE, EoP, information disclosure, spoofing, DoS, and security feature bypass, with multiple Critical issues also called out, including Azure Compute Gallery flaws impacting ACI Confidential Containers (CVE-2026-23655, CVE-2026-21522).

As part of the February Windows updates, Microsoft also began a phased rollout of updated Secure Boot certificates to replace the original 2011 certificates ahead of their expiration in late June 2026, using “targeting data” and “successful update signals” to control deployment. Windows 11 cumulative updates (including KB5077181 and KB5075941) were released as mandatory Patch Tuesday packages for supported Windows 11 versions, bundling the security fixes alongside additional reliability and feature changes. Separately, Adobe issued February security bulletins covering 44 CVEs across multiple Creative Cloud products; those Adobe issues were not listed as publicly known or under active attack at release.

Timeline

  1. Feb 10, 2026

    Cisco Talos publishes Snort coverage for February Microsoft flaws

    Cisco Talos announced updated Snort rules to help detect exploitation attempts related to some of the vulnerabilities addressed in Microsoft's February 2026 Patch Tuesday release. The guidance accompanied Talos' review of the month's prominent Microsoft vulnerabilities.

  2. Feb 10, 2026

    Canadian Centre for Cyber Security issues February Microsoft advisory

    On 2026-02-10, the Canadian Centre for Cyber Security published advisory AV26-111 summarizing Microsoft's February security updates. The advisory highlighted the six actively exploited CVEs and urged administrators to review Microsoft's guidance and apply the updates.

  3. Feb 10, 2026

    CISA adds the six exploited Microsoft flaws to the KEV catalog

    Following Microsoft's February 2026 Patch Tuesday release, CISA added all six actively exploited zero-day vulnerabilities to its Known Exploited Vulnerabilities catalog. This elevated the urgency for federal agencies and other defenders to prioritize remediation.

  4. Feb 10, 2026

    Windows 11 cumulative updates KB5077181 and KB5075941 released

    On 2026-02-10, Microsoft released mandatory Windows 11 cumulative updates KB5077181 and KB5075941 for versions 25H2/24H2 and 23H2. The updates delivered the February security fixes along with quality improvements and new features, and Microsoft said it was not aware of new issues at release.

  5. Feb 10, 2026

    Microsoft begins phased rollout of updated Secure Boot certificates

    As part of the February 2026 updates, Microsoft started a phased deployment of updated Secure Boot certificates to replace expiring 2011 certificates. The rollout used device targeting data and successful-update signals to control deployment.

  6. Feb 10, 2026

    Microsoft patches six actively exploited zero-days

    The February 2026 Patch Tuesday release fixed six zero-day vulnerabilities that Microsoft said were actively exploited in the wild, including flaws in Windows Shell/SmartScreen, MSHTML, Microsoft Word, Desktop Window Manager, Remote Desktop Services, and Remote Access Connection Manager. Three of the zero-days were also publicly disclosed before patches became available.

  7. Feb 10, 2026

    Microsoft releases February 2026 Patch Tuesday fixes

    On 2026-02-10, Microsoft published its February 2026 Patch Tuesday security updates, addressing roughly 54-59 vulnerabilities across Windows, Office, Azure, Exchange, developer tools, and other products. The release included multiple critical issues and required customer action to apply the fixes.


Related Entities

Vulnerabilities

- Windows Remote Desktop Services Elevation of Privilege Vulnerability (CVE-2026-21533)
- Windows Shell SmartScreen and Security Prompt Bypass via Malicious LNK/Link (CVE-2026-21510)
- Desktop Window Manager Type Confusion Elevation of Privilege (CVE-2026-21519)
- Microsoft Word OLE Security Feature Bypass (CVE-2026-21514)
- MSHTML Framework Security Feature Bypass via Malicious HTML or LNK Files (CVE-2026-21513)
- Windows Remote Access Connection Manager Null Pointer Dereference DoS (CVE-2026-21525)
- CVE-2026-24300
- RCE via unsafe deserialization in Azure SDK (Azure SDK for Python) (CVE-2026-21531)
- CVE-2026-24302
- Command Injection in GitHub Copilot and Visual Studio Code mcp.json Handling (CVE-2026-21518)
- XSS in Azure HDInsights (network spoofing) (CVE-2026-21529)
- Spoofing via Deserialization of Untrusted Data in Microsoft Outlook (CVE-2026-21511)
- CVE-2026-21250
- Information disclosure in Azure IoT Explorer via unrestricted IP bind (CVE-2026-21528)
- Information Disclosure in Azure Compute Gallery / Microsoft ACI Confidential Containers (CVE-2026-23655)
- Windows Storage Elevation of Privilege Vulnerability (CVE-2026-21508)
- TOCTOU race condition RCE in GitHub Copilot and Visual Studio Code (CVE-2026-21523)
- Code injection RCE in Microsoft Defender for Linux (Defender for Endpoint Linux extension) (CVE-2026-21537)
- Command Injection RCE in GitHub Copilot and Visual Studio (CVE-2026-21256)
- Command Injection Privilege Escalation in GitHub Copilot and Visual Studio (CVE-2026-21257)
- Windows Hyper-V Security Feature Bypass Vulnerability (CVE-2026-21255)
- CVE-2026-21512
- Local privilege escalation via link following in Windows App for Mac (CVE-2026-21517)
- Local information disclosure in Microsoft Office Excel (improper input validation) (CVE-2026-21258)
- Mailslot File System Elevation of Privilege Vulnerability (CVE-2026-21253)
- Microsoft Outlook Spoofing Vulnerability (CVE-2026-21260)
- CVE-2026-21259
- Command injection RCE in GitHub Copilot for JetBrains (CVE-2026-21516)
- Out-of-bounds read information disclosure in Microsoft Office Excel (CVE-2026-21261)
- Azure Function Information Disclosure Vulnerability (CVE-2026-21532)
- Spoofing in Microsoft Exchange Server InterceptorSmtpAgent (CVE-2026-21527)
- Command Injection in Azure Compute Gallery / Microsoft ACI Confidential Containers (CVE-2026-21522)
- Windows Cluster Client Failover Use-After-Free Elevation of Privilege (CVE-2026-21251)

Related Stories

Microsoft March Patch Tuesday Ships 83 Fixes and Windows 11 Cumulative Updates


Microsoft’s March Patch Tuesday security release shipped fixes for **83 vulnerabilities** across its enterprise software and services, and was notable for having **no actively exploited zero-days** for the first time in six months. Microsoft flagged **six** vulnerabilities as “more likely to be exploited,” and noted two issues—`CVE-2026-21262` and `CVE-2026-26127`—were **publicly known** at release. Researchers highlighted an Excel information-disclosure issue, `CVE-2026-26144`, describing a scenario where an attacker could potentially induce a *Copilot Agent* to exfiltrate data in a **zero-click** style workflow, and also pointed to Office flaws `CVE-2026-26110` and `CVE-2026-26113` (CVSS 8.4) that could enable **arbitrary code execution** via the Office preview pane. Microsoft also released **mandatory Windows 11 cumulative updates** `KB5079473` (25H2/24H2) and `KB5078883` (23H2) that incorporate the March 2026 Patch Tuesday security fixes, along with additional non-security changes. The updates advance build numbers to **26200.8037/26100.8037** (25H2/24H2) and **22631.6783** (23H2), expand “high-confidence device targeting” to increase coverage for automatic delivery of new **Secure Boot certificates**, and include reliability improvements such as better File Explorer search across drives and changes to **Windows Defender Application Control (WDAC)** behavior for COM objects (policy listing support).

1 month ago

Microsoft Patch Tuesday Fixes Six Actively Exploited Zero-Days Including Windows Shell SmartScreen Bypass


Microsoft released its February Patch Tuesday security updates addressing **~58–59 vulnerabilities** across Windows and other products, including **six zero-day flaws confirmed as actively exploited in the wild** and **five Critical** issues. Reported vulnerability classes were led by **Elevation of Privilege (25)**, followed by **Remote Code Execution (12)** and **Security Feature Bypass (5)**, with additional fixes for spoofing, information disclosure, DoS, and XSS; Microsoft also noted additional *Edge* fixes shipped outside the prior Patch Tuesday cadence, including an Android spoofing issue (`CVE-2026-0391`). One of the actively exploited zero-days highlighted across reporting is `CVE-2026-21510`, a **Windows Shell security feature bypass** that can be abused to evade **Mark-of-the-Web/SmartScreen-style warnings** by using specially crafted files (e.g., shortcut/link formats) so that untrusted content can execute without expected prompts, making it well-suited to phishing and social-engineering delivery. Separate coverage also noted Microsoft’s rollout of **updated Secure Boot certificates** ahead of the June 2026 expiration of legacy 2011 certificates, a change with broad implications for Windows boot integrity and enterprise device management.

1 month ago

February 2026 Patch Tuesday Security Updates for Microsoft Windows and Adobe Products


Microsoft and Adobe released their **February 2026 Patch Tuesday** security updates, with Microsoft addressing **58 vulnerabilities** and reporting **six actively exploited zero-day flaws** as part of the month’s fixes. Microsoft also continued its rollout of **replacements for expiring Secure Boot certificates** and shipped the Windows 10 **KB5075912** Extended Security Update (ESU) for eligible systems (e.g., Windows 10 Enterprise LTSC and ESU-enrolled devices), updating builds to **19045.6937** (Windows 10) and **19044.6937** (LTSC 2021). In addition to security fixes, KB5075912 includes reliability remediation for an issue where some **Secure Launch-capable** PCs with **VSM** enabled could not shut down or hibernate after January 2026 security updates. Adobe published **nine security bulletins** covering **44 CVEs** across products including *After Effects, Audition, InDesign, Adobe Bridge, Lightroom Classic,* and multiple *Substance 3D* applications, with several issues rated **Critical** and potentially leading to **code execution** (notably in *After Effects* and *Substance 3D Stager*). Adobe stated that, at release time, none of the addressed vulnerabilities were listed as publicly known or under active attack, contrasting with Microsoft’s disclosure of in-the-wild exploitation for multiple zero-days in the same Patch Tuesday cycle.

1 month ago
