Microsoft Patches 59 Vulnerabilities Including 6 Zero-Days

Microsoft has released its February 2026 security updates, addressing 59 vulnerabilities across its software ecosystem. Of particular concern, six of these vulnerabilities have been actively exploited in the wild, prompting urgent warnings from cybersecurity authorities.

The patched vulnerabilities include five rated Critical and 52 rated Important in severity. The most serious issues include privilege escalation flaws that could allow attackers to gain system-level access to compromised devices, as well as remote code execution vulnerabilities that could enable malicious code to run without user interaction.

The six actively exploited vulnerabilities span multiple Microsoft products. A protection mechanism failure in Windows Shell (CVE-2026-21510) allows attackers to bypass security features over a network. A similar issue in the MSHTML Framework (CVE-2026-21513) enables crafted files to silently bypass Windows security prompts with a single click.

Microsoft Office Word contains a reliance on untrusted inputs (CVE-2026-21514) that allows security feature bypass through malicious documents. The Desktop Window Manager has a type confusion vulnerability (CVE-2026-21519) enabling local privilege escalation. Windows Remote Access Connection Manager suffers from a null pointer dereference (CVE-2026-21525) that can cause denial of service. Finally, improper privilege management in Windows Remote Desktop (CVE-2026-21533) allows attackers to elevate privileges to administrator level.

Security researchers warn that these privilege escalation vulnerabilities are particularly dangerous when combined with initial access gained through other means such as malicious email attachments or remote code execution flaws. Once attackers achieve SYSTEM-level access, they could disable security tools, deploy additional malware, or access credentials leading to full network compromise.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added all six vulnerabilities to its Known Exploited Vulnerabilities catalog, requiring federal civilian agencies to apply fixes within 21 days. Organizations should prioritize patching these vulnerabilities immediately given their active exploitation in real-world attacks.
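As an added example (not from Microsoft or CISA), the sketch below shows one way to triage a scanner export against the six exploited CVEs, flagging hosts where a security feature bypass and a privilege escalation flaw are both unpatched. The host names, the `CVE-2025-00000` placeholder, the KEV listing date, and the `triage` function are constructed assumptions; only the CVE IDs, their impact classes, and the 21-day window come from the article.

```python
from datetime import date, timedelta

# The six exploited CVEs and their impact classes, as described in the article.
KEV_CVES = {
    "CVE-2026-21510": ("Windows Shell", "bypass"),
    "CVE-2026-21513": ("MSHTML Framework", "bypass"),
    "CVE-2026-21514": ("Office Word", "bypass"),
    "CVE-2026-21519": ("Desktop Window Manager", "eop"),
    "CVE-2026-21525": ("Remote Access Connection Manager", "dos"),
    "CVE-2026-21533": ("Remote Desktop", "eop"),
}
REMEDIATION_WINDOW = timedelta(days=21)  # deadline stated in the article

def triage(missing_by_host, kev_added, today):
    """Rank hosts by exposure to the six exploited CVEs.

    missing_by_host: {hostname: iterable of CVE IDs reported as unpatched}
    Returns a list of dicts, most urgent first.
    """
    due = kev_added + REMEDIATION_WINDOW
    rows = []
    for host, cves in missing_by_host.items():
        hits = sorted(set(cves) & set(KEV_CVES))
        if not hits:
            continue  # nothing from the exploited set on this host
        classes = {KEV_CVES[c][1] for c in hits}
        rows.append({
            "host": host,
            "cves": hits,
            # A feature bypass plus a privilege escalation on one host is the
            # combination the article warns about, so it sorts first.
            "chain": {"bypass", "eop"} <= classes,
            "days_left": (due - today).days,
        })
    rows.sort(key=lambda r: (not r["chain"], -len(r["cves"]), r["host"]))
    return rows

# Constructed scanner export; CVE-2025-00000 is a placeholder for unrelated findings.
SAMPLE = {
    "ws-014": ["CVE-2026-21514", "CVE-2026-21519", "CVE-2025-00000"],
    "rds-02": ["CVE-2026-21533"],
    "vpn-01": ["CVE-2026-21525", "CVE-2026-21510"],
    "db-07": ["CVE-2025-00000"],
}

if __name__ == "__main__":
    # Both dates are constructed; take the real listing date from the KEV entry.
    for r in triage(SAMPLE, kev_added=date(2026, 2, 10), today=date(2026, 2, 20)):
        flag = "CHAIN" if r["chain"] else "-"
        print(f'{r["host"]:8} {flag:6} due in {r["days_left"]:>2}d  {", ".join(r["cves"])}')
```
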

The February updates also include new Secure Boot certificates to replace 2011 certificates expiring in June 2026. Microsoft is implementing these certificates through regular Windows updates. Devices that miss the update will enter a degraded security state limiting future boot-level protections.

Additionally, Microsoft is strengthening default protections in Windows through two new initiatives. Windows Baseline Security Mode will enable runtime integrity safeguards by default, ensuring only properly signed software can run. User Transparency and Consent will introduce consistent prompts when applications access sensitive resources, similar to Apple’s TCC framework on macOS.

These updates reflect Microsoft’s continued focus on security through its Secure Future Initiative and Windows Resiliency Initiative. Organizations should apply these patches promptly to protect against ongoing exploitation of these serious vulnerabilities.
