By Dark Reading
Publication Date: 2026-02-10 21:00:00
Attackers are already actively exploiting six of the 59 vulnerabilities Microsoft disclosed in its latest security update, meaning security teams will need to treat February’s Patch Tuesday more as an active defense exercise rather than just routine maintenance.
Three of the six zero-days are security feature bypass flaws in different Microsoft products, which is particularly troubling for organizations, because they give attackers a way to slip past built-in protections organizations rely on. Microsoft issued an out-of-band for one of the zero-days, underscoring its urgency.
Two of the remaining actively exploited bugs are elevation-of-privilege issues that allow an attacker to gain admin-level privileges on affected systems, while the remaining bug enables denial-of-service attacks.
If that wasn’t enough to keep admins busy, Microsoft assessed five other CVEs it disclosed this week as bugs that attackers are “more likely” to exploit. That’s a term Microsoft uses for bugs for which…
