Full Report
Microsoft security advisory – February 2026 monthly rollup (AV26-111)
Analysis Summary
# Vulnerability: Microsoft February 2026 Monthly Rollup (AV26-111) - Multiple Critical Fixes
## CVE Details
*Due to the nature of a rollup advisory (AV26-111), specific details (CVSS, CWE) for individual CVEs are not provided in the source summary. The following list highlights the reported exploited CVEs.*
- CVE ID: CVE-2026-21525, CVE-2026-21514, CVE-2026-21510, CVE-2026-21513, CVE-2026-21533, CVE-2026-21519
- CVSS Score: N/A (Individual scores not detailed in summary)
- CWE: N/A
## Affected Systems
- Products: .NET (10.0, 8.0, 9.0), Azure AI Language Authoring, Azure ARC, Azure DevOps Server 2022, Azure Front Door, Azure Functions, Azure HDInsight, Azure IoT Explorer, Azure Local, GitHub Copilot Plugin for JetBrains IDEs, Microsoft 365, Microsoft ACI Confidential Containers, Microsoft Defender for Endpoint for Linux, Microsoft Excel 2016, Microsoft Exchange Server (2016, 2019, Subscription Edition RTM), Microsoft Office (2019, LTSC, LTSC 2021, LTSC 2024), Microsoft Outlook 2016, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server (2019, Subscription Edition), Microsoft SQL Server (2022, 2025), Microsoft Visual Studio 2022, Microsoft Word 2016, Office Online Server, Power BI Report Server, Visual Studio Code, Windows 10, Windows 11, Windows App for Mac, Windows Notepad, Windows Server (2012, 2016, 2019, 2022, 2025).
- Versions: Covered by the February 2026 updates. (Specific version ranges for individual CVEs require checking the linked MSRC guide).
- Configurations: Not specified in the summary.
## Vulnerability Description
This advisory (AV26-111) addresses multiple vulnerabilities across the Microsoft product line, including critical updates for .NET frameworks, Azure services, Exchange, SharePoint, SQL Server, and various Windows releases. Several vulnerabilities included in this rollup are reported as being actively exploited.
## Exploitation
- Status: **Exploited in the wild** (Specifically confirmed for CVE-2026-21525, CVE-2026-21514, CVE-2026-21510, CVE-2026-21513, CVE-2026-21533, and CVE-2026-21519).
- Complexity: Not specified, but exploitation in the wild implies feasibility.
- Attack Vector: Likely varied across the multiple included vulnerabilities (Network, Local, etc.).
## Impact
- Confidentiality: Undetermined (Requires individual CVE review)
- Integrity: Undetermined (Requires individual CVE review)
- Availability: Undetermined (Requires individual CVE review)
## Remediation
### Patches
- Patches are available as part of the **February 2026 Security Updates**. Administrators must apply these cumulative updates immediately.
### Workarounds
- No specific workarounds are detailed in the summary; immediate patching is strongly encouraged due to active exploitation.
## Detection
- Detection relies on monitoring for indicators associated with the specific patched CVEs after applying the cumulative update.
- Detection methods should focus on reviewing logs across affected systems for signs of the exploits targeting the unpatched vulnerabilities.
## References
- Vendor Advisories:
- hxxps://msrc.microsoft.com/update-guide/releaseNote/2026-Feb
- hxxps://msrc.microsoft.com/update-guide/en-us