Follow Naijacrux on twitter .follow us on Twitter www.twitter.com/naijacruxonline, or @naijacruxonline or search for naijacruxonline on twitter!!Like us on facebook .Like us at www.facebook.com/Naijacruxforum.Click Here To Last longer In Bed[Stay amused>>>Don’t be a one minute Foul]>>> Love need Tips-See how Here


Author Topic: Microsoft's February Patch Tuesday Update Fixes Six Zero-Day Exploits  (Read 78 times)

0 Members and 1 Guest are viewing this topic.

Offline Nairaland

  • Global Moderator
  • Sr. Member
  • *****
  • Posts: 405
  • Karma: +0/-0
Advertisement
Microsoft's February Patch Tuesday Update Fixes Six Zero-Day Exploits

Microsoft's February security update is a big one. This latest "Patch Tuesday" fixes 58 vulnerabilities in total, six of which are zero-day flaws. As a reminder, a zero-day is a vulnerability that has been either actively exploited in the wild or publicly disclosed before an official fix is released by the developer.

As BleepingComputer reports, security flaws were found in the following categories: 25 elevation-of-privilege vulnerabilities, five security feature bypass vulnerabilities, 12 remote code-execution vulnerabilities, six information disclosure vulnerabilities, three denial of service vulnerabilities, and seven spoofing vulnerabilities. Three of the elevation of privilege vulnerabilities and two of the information disclosure vulnerabilities are considered "critical." (These numbers do not include the three Microsoft Edge vulnerabilities patched earlier in February.)

Patch Tuesday updates are typically released around 10 am PT on the second Tuesday of every month, and your device should receive them automatically. BleepingComputer reports that this month's release also includes Secure Boot certificate updates for 2011 certificates that are expiring in June.

Six zero-days patched in February

Three of the six actively exploited zero-days fixed in February are security feature bypass vulnerabilities:

  • CVE-2026-21510: This is a flaw the Windows Shell that allows an attacker to execute content without warning or gaining user consent, though the user does need to open a malicious link or shortcut file.

  • CVE-2026-21513: This MSHTML Framework vulnerability allows an unauthorized attacker to bypass a security feature over a network. Microsoft has not released details on how this flaw was exploited.

  • CVE-2026-21514: This vulnerability in Microsoft Word allows an attacker to bypasses OLE mitigations in Microsoft 365 and Microsoft Office once a user has opened a malicious Office file.

All three of the above flaws have been attributed to Microsoft Threat Intelligence Center (MSTIC), Microsoft Security Response Center (MSRC), Office Product Group Security Team, and Google Threat Intelligence Group along with an anonymous researcher for CVE-2026-21510 and CVE-2026-21514.

Two of the zero-days are elevation of privilege vulnerabilities. CVE-2026-21519 is a Desktop Windows Manager flaw that allows an attacker to gain SYSTEM privileges, while CVE-2026-21533 is a Windows Remote Desktop Services flaw that allows an attacker to elevate privileges locally. The former has been attributed to MSTIC and MSRC, while the latter was discovered by the Advanced Research Team at CrowdStrike.

Finally, CVE-2026-21525 is a denial of service vulnerability in the Windows Remote Access Connection Manager that allows an unauthorized attacker to deny service locally. This flaw was discovered by the ACROS Security team with 0patch—it was reportedly found in a public malware repository in December 2025.


Source: Microsoft's February Patch Tuesday Update Fixes Six Zero-Day Exploits


 

 

ChatGPT's Latest Update Makes It Harder Than Ever to Spot AI-Generated Images

Started by Nairaland

Replies: 0
Views: 43
Last post May 06, 2026, 03:38:13 PM
by Nairaland
Apple's Latest Update May Be Installing Previously Deleted Apps on iPhones

Started by Nairaland

Replies: 0
Views: 2186
Last post April 10, 2025, 12:22:24 AM
by Nairaland
A Garmin Update Just Added a Weighted Rucking Setting to These Watches

Started by Nairaland

Replies: 0
Views: 441
Last post May 25, 2025, 02:04:30 PM
by Nairaland
Google's Latest Android Update Patches 46 Security Flaws

Started by Nairaland

Replies: 0
Views: 1335
Last post May 09, 2025, 05:55:30 AM
by Nairaland
Apple's Next macOS Update Could Extend the Lifespan of Your MacBook's Battery

Started by Nairaland

Replies: 0
Views: 79
Last post February 25, 2026, 07:04:06 PM
by Nairaland