Microsoft’s February 2026 Patch Tuesday rollout addresses roughly 60 security vulnerabilities across its product ecosystem, including six zero‑day flaws that were already being exploited in the wild.
The actively exploited zero‑days include:
- CVE‑2026‑21510 – A bypass affecting Windows SmartScreen and Windows Shell security prompts. Attackers can exploit it by persuading a user to open a malicious link or shortcut file.
- CVE‑2026‑21514 – An OLE mitigation bypass in Microsoft 365 and Office, triggered when a victim opens a specially crafted Office document.
- CVE‑2026‑21513 – A vulnerability in Internet Explorer that enables attackers to evade security controls and potentially execute arbitrary code via a malicious HTML or LNK file.
- CVE‑2026‑21519 – A local privilege escalation issue in Windows Desktop Window Manager.
- CVE‑2026‑21533 – A Windows Remote Desktop Services flaw that lets an attacker elevate privileges to SYSTEM.
- CVE‑2026‑21525 – A vulnerability in Windows Remote Access Connection Manager that can be abused to launch a local denial‑of‑service attack.
At this stage, no public details are available regarding active attack campaigns exploiting these weaknesses.
Notably, Microsoft credited Google Threat Intelligence Group (GTIG), its internal research teams, and an anonymous contributor for discovering CVE‑2026‑21510 and CVE‑2026‑21514. CVE‑2026‑21513 was uncovered jointly by Microsoft and GTIG. This overlap in attribution suggests the zero‑days may have been abused by related threat actors or during the same intrusion campaigns. GTIG has historically reported activity from commercial spyware vendors, state‑aligned APT actors, and financially motivated attackers, with nation‑state groups frequently behind zero‑day operations of this nature.
Microsoft’s advisories list CVE‑2026‑21510, CVE‑2026‑21514, and CVE‑2026‑21513 as publicly disclosed prior to the patch release.
CVE‑2026‑21519 was identified by Microsoft’s internal security teams, whereas CrowdStrike is credited with discovering CVE‑2026‑21533, and Acros Security identified CVE‑2026‑21525.
Beyond Windows and Office, the February update cycle also delivers fixes across multiple Microsoft platforms, including Azure, Windows Defender, Exchange Server, .NET, GitHub Copilot, Edge, and Power BI.
CyberSecurity Insight has requested further information from both companies regarding exploitation details.

