Full Report
Microsoft said three of the exploited vulnerabilities were publicly known, suggesting attackers already had details about the defects prior to Tuesday’s release. The post Microsoft Patch Tuesday matches last year’s zero-day high with six actively exploited vulnerabilities appeared first on CyberScoop.
Analysis Summary
# Vulnerability: Active Exploitation of Multiple Microsoft Flaws (February Patch Tuesday)
## CVE Details
This report covers the six actively exploited vulnerabilities addressed in Microsoft's February update. Key details for each exploited flaw are provided below:
- **CVE ID:** CVE-2026-21510, CVE-2026-21513, CVE-2026-21514, CVE-2026-21519, CVE-2026-21533, CVE-2026-21525
- **CVSS Score:** 8.8 (two flaws), 7.8 (three flaws), 6.2 (one flaw); severity depends on the specific CVE
- **CWE:** Protection Mechanism Failure (Cited for CVE-2026-21510)
## Affected Systems
- **Products:** Windows Shell, Internet Explorer, Microsoft Office Word, Desktop Window Manager, Windows Remote Desktop, Windows Remote Access Connection Manager, Azure SDK, Azure Front Door.
- **Versions:** Not specified, covered by the February 2026 Microsoft Security Update.
- **Configurations:** Specific conditions for exploitation vary by CVE (e.g., user interaction required for RCE).
## Vulnerability Description
Microsoft addressed 59 vulnerabilities in total, including six zero-days under active attack. Three of these exploited vulnerabilities were publicly known prior to patching. A key category among the exploited flaws is the bypass of security features that protect users when they open malicious files (CVE-2026-21510, CVE-2026-21513, CVE-2026-21514). Two critical vulnerabilities (CVSS 9.8) were also disclosed in Azure components.
**Key Exploited Flaws:**
* **CVE-2026-21510 (CVSS 8.8):** Protection mechanism failure allowing an attacker to **bypass Windows Shell and SmartScreen security prompts** via crafted links or shortcut files. This requires user interaction (clicking a link).
* **CVE-2026-21513 (CVSS 8.8):** Affects Internet Explorer; code execution requires user interaction.
* **CVE-2026-21514 (CVSS 7.8):** Affects Microsoft Office Word; like the two flaws above, it is a security feature bypass.
* **CVE-2026-21519 (CVSS 7.8):** Affects Desktop Window Manager.
* **CVE-2026-21533 (CVSS 7.8):** Affects Windows Remote Desktop.
* **CVE-2026-21525 (CVSS 6.2):** Affects Windows Remote Access Connection Manager.
## Exploitation
- **Status:** **Exploited in the wild** (all six zero-days). Three were publicly known beforehand.
- **Complexity:** Low complexity noted for zero-day CVE-2026-21510, requiring no privileges and relying on tricking a user via a link or shortcut.
- **Attack Vector:** Varies, but includes techniques relying on user interaction (phishing-based attacks).
## Impact
- **Confidentiality:** Likely high, especially where RCE is possible.
- **Integrity:** Likely high, enabling system compromise.
- **Availability:** Varies depending on the specific exploit chain.
## Remediation
### Patches
- Patches are available in the **February 2026 Microsoft Patch Tuesday update**.
- The full list of updates is referenced in the vendor's Security Response Center.
### Workarounds
- The article does not specify official workarounds, but notes that exploitation relies on bypassing existing security features (e.g., SmartScreen prompts), implying that user vigilance regarding links/files is critical until patching.
## Detection
- CISA added **all six zero-days** to its Known Exploited Vulnerabilities Catalog.
- Detection focuses on monitoring systems for activity related to the components addressed in the February 2026 update, particularly unusual behavior triggered by user interaction with files or links.
## References
- Vendor advisories: [Microsoft’s Security Response Center (MSRC) February 2026 Release Notes](https://msrc.microsoft.com/update-guide/releaseNote/2026-Feb)
- Trend Micro ZDI Post: [https://www.zerodayinitiative.com/blog/2026/2/10/the-february-2026-security-update-review](https://www.zerodayinitiative.com/blog/2026/2/10/the-february-2026-security-update-review)
- Action1 Post: [https://www.action1.com/patch-tuesday/patch-tuesday-february-2026/](https://www.action1.com/patch-tuesday/patch-tuesday-february-2026/)
- CISA Catalog: [https://www.cisa.gov/known-exploited-vulnerabilities-catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog)