Today is the monthly Windows Update day, fixing six zero-day vulnerabilities, 58 vulnerabilities, and introducing a new Secure Boot certificate before its expiration in June.
The monthly Windows Update, which delivers security updates and bug fixes for Windows, has been released. This Windows Update fixes several vulnerabilities, including a vulnerability in Notepad .
February 2026 security updates (monthly)
https://www.microsoft.com/en-us/msrc/blog/2026/02/202602-security-update
The February 2026 Microsoft Monthly Security Update has been released. Updates are automatically applied by default. For organizations that manage updates, we have published an overview on our blog. Please refer to this and deploy updates as soon as possible. https://t.co/qQMc3UNjUp #Security #Updates #Microsoftpic.twitter.com /4wMK0LwSoj
— Microsoft Security Team (@JSECTEAM) February 10, 2026
| Target products | maximum severity | The biggest impact | Related knowledge base articles or support web pages |
|---|---|---|---|
| Windows 11 v25H2, v24H2, v23H2 | important | Remote code execution possible | v25H2, v24H2 5077181 v25H2, v24H2 Hotpatch 5077212 v23H2 5075941 |
| Windows Server 2025 (including Server Core installation) | important | Remote code execution possible | 5075899 HotPatch 5075942 |
| Windows Server 2022, 23H2 (including Server Core installation) | important | Remote code execution possible | Windows Server 2022 5075906 HotPatch 5075943 Windows Server 23H2 5075897 |
| Windows Server 2019, 2016 (including Server Core installation) | important | Remote code execution possible | Windows Server 2019 5075904 Windows Server 2016, 5075999 |
| Microsoft Office | important | Privilege Escalation | https://learn.microsoft.com/officeupdates |
| Microsoft SharePoint | important | Impersonation | https://learn.microsoft.com/officeupdates/sharepoint-updates |
| Microsoft Exchange Server | important | Impersonation | https://learn.microsoft.com/exchange Released: February 2026 Exchange Server Security Updates |
| Microsoft SQL Server | important | Remote code execution possible | https://learn.microsoft.com/sql |
| Microsoft .NET | important | Impersonation | https://learn.microsoft.com/dotnet |
| Microsoft Visual Studio | important | Remote code execution possible | https://learn.microsoft.com/visualstudio |
| Microsoft Azure | emergency | Remote code execution possible | https://learn.microsoft.com/azure |
| Microsoft Defender for Endpoint for Linux | important | Remote code execution possible | Microsoft Defender for Endpoint for Linux - Microsoft Defender for Endpoint |
The February 2026 update fixed six vulnerabilities that were being exploited in the wild, three of which had already been publicly disclosed. The six vulnerabilities that were being exploited in the wild are as follows:
◆CVE-2026-21510: Windows Shell Security Feature Bypass Vulnerability
This vulnerability can be exploited by opening a specially crafted link or shortcut file. Microsoft explained that 'by exploiting improper handling in the Windows Shell component, an attacker could bypass Windows SmartScreen and Windows Shell security prompts and execute attacker-controlled content without user warning or consent.'
◆CVE-2026-21513: MSHTML Framework security feature bypass vulnerability
The MSHTML security feature bypass vulnerability in Windows is described by Microsoft as 'a flaw in a protection mechanism in the MSHTML Framework that could allow an unauthenticated attacker to bypass security features over a network.'
Details of how it was exploited have not been released.
◆CVE-2026-21514: Microsoft Word Security Feature Bypass Vulnerability
A user can open a malicious Office file, allowing an unprivileged attacker to locally bypass security features.
◆CVE-2026-21519: Desktop Window Manager Privilege Escalation Vulnerability
A vulnerability in the Desktop Window Manager could allow a privileged attacker to locally escalate their privileges by accessing a resource using an incompatible type.
◆CVE-2026-21525: Windows Remote Desktop Connection Manager Denial of Service Vulnerability
This is a null pointer dereference vulnerability in the Remote Desktop Connection Manager that could allow an unprivileged attacker to cause a local denial of service.
◆CVE-2026-21533: Windows Remote Desktop Services Privilege Escalation Vulnerability
A privilege escalation vulnerability in Remote Desktop Services could allow an authenticated attacker to gain local SYSTEM privileges.
Additionally, Microsoft has begun rolling out updated Secure Boot certificates through monthly Windows updates to replace the original 2011 certificates, which are due to expire in late June 2026.
IMPORTANT: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. This might affect the ability of certain personal and business devices to boot securely if not updated in time. To avoid disruption, we recommend reviewing the guidance and…
— Windows Update (@WindowsUpdate) January 13, 2026
Windows Updates are released on the second Tuesday of each month, Pacific Standard Time, with the next update scheduled for Tuesday, March 10, 2026, Pacific Standard Time.
Related Posts:
in Software, Posted by log1p_kr