By Eduard Kovacs
Publication Date: 2026-02-10 19:29:00
Microsoft’s February 2026 Patch Tuesday updates fix roughly 60 vulnerabilities found in the company’s products, including six actively exploited zero-days.
The zero-days are:
- CVE-2026-21510: a Windows SmartScreen and Windows Shell security prompts bypass that can be exploited by convincing the targeted user to open a malicious link or shortcut file.
- CVE-2026-21514: a vulnerability that allows an attacker to bypass OLE mitigations in Microsoft 365 and Office by tricking the target into opening a malicious Office file.
- CVE-2026-21513: an Internet Explorer issue that allows an attacker to bypass security controls and potentially execute code by convincing the victim to open a malicious HTML or LNK file.
- CVE-2026-21519: a Windows Desktop Window Manager flaw that can be exploited by a local attacker for privilege escalation.
- CVE-2026-21533: a Windows Remote Desktop Services vulnerability that allows an attacker to escalate privileges to System.
