Microsoft Patches 6 Actively Exploited Zero-Days in February Patch Tuesday
Microsoft's February 2026 Patch Tuesday addresses 58 vulnerabilities including six actively exploited zero-days affecting Windows, Office, and other core products.
Microsoft released its February 2026 Patch Tuesday updates addressing 58 security vulnerabilities, with six confirmed as actively exploited zero-days. The combination of active exploitation and public disclosure makes this an urgent patch cycle for Windows administrators.
The Six Actively Exploited Vulnerabilities
CVE-2026-21510 and CVE-2026-21513 are security feature bypass vulnerabilities affecting Windows Shell and the MSHTML Framework respectively. Both were publicly disclosed and exploited in the wild before patches became available. CVE-2026-21514 affects Microsoft Word, allowing attackers to bypass security features through specially crafted documents.
Three elevation of privilege vulnerabilities round out the list: CVE-2026-21519 in Desktop Window Manager, CVE-2026-21533 in Windows Remote Desktop Services (reported by CrowdStrike researchers), and CVE-2026-21525 in Windows Remote Access Connection Manager. The last of these was discovered by the 0patch research team, which found an exploit for it in a public malware repository.
Widespread Impact
The vulnerabilities affect multiple Windows versions and core Microsoft applications. The presence of exploits in public malware repositories and active targeting by threat actors underscores the urgency of applying these patches. Security researchers note that attackers are increasingly chaining multiple vulnerabilities together to achieve deeper system compromise.
Deployment Priority
Organizations should prioritize deployment of these updates, particularly for systems exposed to the internet or used by high-value targets. The active exploitation of these flaws means attackers already have working exploits, making unpatched systems immediately vulnerable to attack.