Full Report
2Critical51Important1Moderate0LowMicrosoft addresses 54 CVEs in the February 2026 Patch Tuesday released, including six zero-day vulnerabilities that were exploited in the wild and three publicly disclosed CVEs.Microsoft patched 54 CVEs in its February 2026 Patch Tuesday release, with two rated critical, 51 rated as important and one rated as moderate. We omitted one vulnerability from our counts this month, CVE-2023-2804, a heap based overflow vulnerability in the libjpeg-turbo component.This month’s update includes patches for:.NET.NET and Visual StudioAzure ArcAzure Compute GalleryAzure DevOps ServerAzure Front Door (AFD)Azure FunctionAzure HDInsightsAzure IoT SDKAzure LocalAzure SDKDesktop Window ManagerGithub CopilotGitHub Copilot and Visual StudioInternet ExplorerMailslot File SystemMicrosoft Defender for LinuxMicrosoft Edge for AndroidMicrosoft Exchange ServerMicrosoft Graphics ComponentMicrosoft Office ExcelMicrosoft Office OutlookMicrosoft Office WordPower BIRole: Windows Hyper-VWindows Ancillary Function Driver for WinSockWindows App for MacWindows Cluster Client FailoverWindows Connected Devices Platform ServiceWindows GDI+Windows HTTP.sysWindows KernelWindows LDAP - Lightweight Directory Access ProtocolWindows Notepad AppWindows NTLMWindows Remote Access Connection ManagerWindows Remote DesktopWindows ShellWindows StorageWindows Subsystem for LinuxWindows Win32K - GRFXElevation of privilege (EoP) vulnerabilities accounted for 42.6% of the vulnerabilities patched this month, followed by remote code execution (RCE) vulnerabilities at 20.4%.ImportantCVE-2026-21510 | Windows Shell Security Feature Bypass VulnerabilityCVE-2026-21510 is a security feature bypass vulnerability affecting Windows Shell. It was assigned a CVSSv3 score of 8.8 and was rated as important. According to Microsoft, this flaw was publicly disclosed prior to a patch being made available and was also exploited in the wild as a zero-day. Exploitation requires an attacker to convince an unsuspecting user to open a malicious link or shortcut file. This would allow the attacker to bypass Windows SmartScreen and Windows Shell warnings by exploiting a flaw in Windows Shell components.ImportantCVE-2026-21533 | Windows Remote Desktop Services Elevation of Privilege VulnerabilityCVE-2026-21533 is an EoP vulnerability affecting Windows Remote Desktop Services. It was assigned a CVSSv3 score of 7.8, rated as important and was reportedly exploited in the wild. Successful exploitation allows a local, authenticated attacker to elevate to SYSTEM privileges.ImportantCVE-2026-21519 | Desktop Window Manager Elevation of Privilege VulnerabilityCVE-2026-21519 is an EoP vulnerability affecting Desktop Window Manager, a Windows service used to render the graphical user interface (GUI) in Windows. It was assigned a CVSSv3 score of 7.8 and rated as important. A local, authenticated attacker could exploit this vulnerability to elevate to SYSTEM privileges. According to Microsoft, this vulnerability was exploited in the wild as a zero-day.ImportantCVE-2026-21514 | Microsoft Word Security Feature Bypass VulnerabilityCVE-2026-21514 is a security feature bypass vulnerability affecting Microsoft Word. It was assigned a CVSSv3 score of 7.8 and rated as important. Successful exploitation requires an attacker to convince a user to open a crafted Office file. According to the Microsoft advisory, the preview pane is not an attack vector. This vulnerability was publicly disclosed prior to a patch being made available and was also exploited in the wild as a zero-day. Microsoft credited the discovery of this vulnerability to an Anonymous researcher, Google Threat Intelligence Group, Microsoft Threat Intelligence Center (MSTIC), Microsoft Security Response Center (MSRC) and Office Product Group Security Team.ModerateCVE-2026-21525 | Windows Remote Access Connection Manager Denial of Service VulnerabilityCVE-2026-21525 is a denial of service (DoS) vulnerability affecting Windows Remote Access Connection Manager (also known as RasMan), a tool used for the management of multiple remote desktop connections. It was assigned a CVSSv3 score of 6.2, was rated as important and was exploited in the wild. While no information has been released about the exploitation of this DoS, the advisory credits the 0patch vulnerability research team for reporting this flaw.ImportantCVE-2026-21513 | MSHTML Framework Security Feature Bypass VulnerabilityCVE-2026-21513 is a security feature bypass vulnerability in the MSHTML Framework. It was assigned a CVSSv3 score of 8.8 and rated as important. According to Microsoft, it was both exploited in the wild and publicly disclosed prior to a patch being available. Successful exploitation of this flaw requires an attacker to convince a potential victim into opening either a malicious HTML file or a shortcut (.lnk) file. Like similar security feature bypass flaws, this vulnerability can bypass protection prompts that would caution a user before opening a file.CVE-2026-21511 | Microsoft Outlook Spoofing VulnerabilityCVE-2026-21511 is a spoofing vulnerability affecting Microsoft Outlook. It was assigned a CVSSv3 score of 7.5 and was rated as important. The spoofing vulnerability is the result of a deserialization of untrusted data flaw, which an attacker can trigger using a crafted email. Microsoft notes that the preview pane is an attack vector for this flaw. CVE-2026-21511 was assessed as “Exploitation More Likely” according to Microsoft’s Exploitability Index.Tenable SolutionsA list of all the plugins released for Microsoft’s February 2026 Patch Tuesday update can be found here. As always, we recommend patching systems as soon as possible and regularly scanning your environment to identify those systems yet to be patched.For more specific guidance on best practices for vulnerability assessments, please refer to our blog post on How to Perform Efficient Vulnerability Assessments with Tenable.Get more informationMicrosoft's February 2026 Security UpdatesTenable plugins for Microsoft February 2026 Patch Tuesday Security UpdatesJoin Tenable's Research Special Operations (RSO) Team on Tenable Connect and engage with us in the Threat Roundtable group for further discussions on the latest cyber threats.Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.
Analysis Summary
Here is the summary of the key vulnerabilities from the February 2026 Microsoft Patch Tuesday, structured as requested.
---
# Vulnerability: Windows Shell Security Feature Bypass (CVE-2026-21510)
## CVE Details
- CVE ID: CVE-2026-21510
- CVSS Score: 8.8 (Important)
- CWE: Not specified
## Affected Systems
- Products: Windows Shell
- Versions: Not specified in detail, applies to affected Windows components receiving the update.
- Configurations: Requires attacker to trick a user into opening a malicious link or shortcut file.
## Vulnerability Description
This is a Security Feature Bypass vulnerability affecting Windows Shell components. Successful exploitation allows an attacker to bypass Windows SmartScreen and Windows Shell warnings.
## Exploitation
- Status: Exploited in the wild (Zero-day) and publicly disclosed.
- Complexity: Not specified, but likely low given the social engineering trigger.
- Attack Vector: Local/User Interaction (opening a malicious link or shortcut file).
## Impact
- Confidentiality: Likely significant (if bypass leads to further actions).
- Integrity: Likely significant (if bypass leads to further actions).
- Availability: Not explicitly detailed.
## Remediation
### Patches
- Microsoft patch provided in February 2026 release.
### Workarounds
- No specific workarounds detailed other than applying the patch.
## Detection
- Detection methods are generally tied to Tenable plugins released for the February 2026 update.
## References
- Vendor advisories: [msrc.microsoft.com/update-guide/en-us/releaseNote/2026-Feb](https://msrc.microsoft.com/update-guide/en-us/releaseNote/2026-Feb)
- Relevant links: [tenable-com/plugins/search?q=%22February+2026%22+AND+script_family%3A%28%22Windows+%3A+Microsoft+Bulletins%22+OR+%22Windows%22%29&sort=&page=1](https://www.tenable.com/plugins/search?q=%22February+2026%22+AND+script_family%3A%28%22Windows+%3A+Microsoft+Bulletins%22+OR+%22Windows%22%29&sort=&page=1)
---
# Vulnerability: Windows Remote Desktop Services Elevation of Privilege (CVE-2026-21533)
## CVE Details
- CVE ID: CVE-2026-21533
- CVSS Score: 7.8 (Important)
- CWE: Not specified
## Affected Systems
- Products: Windows Remote Desktop Services
- Versions: Not specified in detail.
- Configurations: Requires a local, authenticated attacker.
## Vulnerability Description
An Elevation of Privilege (EoP) vulnerability in Windows Remote Desktop Services. Successful exploitation allows a local, authenticated attacker to elevate their privileges to SYSTEM level.
## Exploitation
- Status: Exploited in the wild.
- Complexity: Medium (Requires local network access and valid credentials).
- Attack Vector: Local.
## Impact
- Confidentiality: High (If SYSTEM privileges are gained).
- Integrity: High (If SYSTEM privileges are gained).
- Availability: Not explicitly detailed.
## Remediation
### Patches
- Microsoft patch provided in February 2026 release.
### Workarounds
- No specific workarounds detailed other than applying the patch.
## Detection
- Detection methods are generally tied to Tenable plugins released for the February 2026 update.
## References
- Vendor advisories: [msrc.microsoft.com/update-guide/en-us/releaseNote/2026-Feb](https://msrc.microsoft.com/update-guide/en-us/releaseNote/2026-Feb)
- Relevant links: [tenable-com/plugins/search?q=%22February+2026%22+AND+script_family%3A%28%22Windows+%3A+Microsoft+Bulletins%22+OR+%22Windows%22%29&sort=&page=1](https://www.tenable.com/plugins/search?q=%22February+2026%22+AND+script_family%3A%28%22Windows+%3A+Microsoft+Bulletins%22+OR+%22Windows%22%29&sort=&page=1)
---
# Vulnerability: Desktop Window Manager Elevation of Privilege (CVE-2026-21519)
## CVE Details
- CVE ID: CVE-2026-21519
- CVSS Score: 7.8 (Important)
- CWE: Not specified
## Affected Systems
- Products: Desktop Window Manager (DWM)
- Versions: Not specified in detail.
- Configurations: Requires a local, authenticated attacker.
## Vulnerability Description
An Elevation of Privilege (EoP) vulnerability in Desktop Window Manager (DWM). Successful exploitation allows a local, authenticated attacker to elevate their privileges to SYSTEM level.
## Exploitation
- Status: Exploited in the wild (Zero-day).
- Complexity: Medium (Requires local access).
- Attack Vector: Local.
## Impact
- Confidentiality: High (If SYSTEM privileges are gained).
- Integrity: High (If SYSTEM privileges are gained).
- Availability: Not explicitly detailed.
## Remediation
### Patches
- Microsoft patch provided in February 2026 release.
### Workarounds
- No specific workarounds detailed other than applying the patch.
## Detection
- Detection methods are generally tied to Tenable plugins released for the February 2026 update.
## References
- Vendor advisories: [msrc.microsoft.com/update-guide/en-us/releaseNote/2026-Feb](https://msrc.microsoft.com/update-guide/en-us/releaseNote/2026-Feb)
- Relevant links: [tenable-com/plugins/search?q=%22February+2026%22+AND+script_family%3A%28%22Windows+%3A+Microsoft+Bulletins%22+OR+%22Windows%22%29&sort=&page=1](https://www.tenable.com/plugins/search?q=%22February+2026%22+AND+script_family%3A%28%22Windows+%3A+Microsoft+Bulletins%22+OR+%22Windows%22%29&sort=&page=1)
---
# Vulnerability: Microsoft Word Security Feature Bypass (CVE-2026-21514)
## CVE Details
- CVE ID: CVE-2026-21514
- CVSS Score: 7.8 (Important)
- CWE: Not specified
## Affected Systems
- Products: Microsoft Word (Office)
- Versions: Not specified in detail.
- Configurations: Requires a user to open a crafted Office file. The preview pane is *not* an attack vector.
## Vulnerability Description
A Security Feature Bypass vulnerability affecting Microsoft Word. Successful exploitation allows an attacker to bypass security prompts that might warn a user before opening a file.
## Exploitation
- Status: Exploited in the wild (Zero-day) and publicly disclosed.
- Complexity: Low (Relies on user interaction with a malicious file).
- Attack Vector: Local/Execution (Opening a file).
## Impact
- Confidentiality: Likely significant (If bypass leads to RCE or further compromise).
- Integrity: Likely significant (If bypass leads to RCE or further compromise).
- Availability: Not explicitly detailed.
## Remediation
### Patches
- Microsoft patch provided in February 2026 release.
### Workarounds
- No specific workarounds detailed other than applying the patch.
## Detection
- Detection methods are generally tied to Tenable plugins released for the February 2026 update.
## References
- Vendor advisories: [msrc.microsoft.com/update-guide/en-us/releaseNote/2026-Feb](https://msrc.microsoft.com/update-guide/en-us/releaseNote/2026-Feb)
- Relevant links: [tenable-com/plugins/search?q=%22February+2026%22+AND+script_family%3A%28%22Windows+%3A+Microsoft+Bulletins%22+OR+%22Windows%22%29&sort=&page=1](https://www.tenable.com/plugins/search?q=%22February+2026%22+AND+script_family%3A%28%22Windows+%3A+Microsoft+Bulletins%22+OR+%22Windows%22%29&sort=&page=1)
---
# Vulnerability: Windows Remote Access Connection Manager Denial of Service (CVE-2026-21525)
## CVE Details
- CVE ID: CVE-2026-21525
- CVSS Score: 6.2 (Moderate - *Note: The summary text incorrectly labels this severity as 'important' despite the score*)
- CWE: Not specified
## Affected Systems
- Products: Windows Remote Access Connection Manager (RasMan)
- Versions: Not specified in detail.
- Configurations: Not specified.
## Vulnerability Description
A Denial of Service (DoS) vulnerability affecting the Windows Remote Access Connection Manager (RasMan), used for managing remote desktop connections.
## Exploitation
- Status: Exploited in the wild.
- Complexity: Not specified.
- Attack Vector: Not specified, but DoS typically can involve network interaction.
## Impact
- Confidentiality: None expected.
- Integrity: None expected (Denial of Service).
- Availability: High (Service disruption).
## Remediation
### Patches
- Microsoft patch provided in February 2026 release.
### Workarounds
- No specific workarounds detailed other than applying the patch.
## Detection
- Detection methods are generally tied to Tenable plugins released for the February 2026 update.
## References
- Vendor advisories: [msrc.microsoft.com/update-guide/en-us/releaseNote/2026-Feb](https://msrc.microsoft.com/update-guide/en-us/releaseNote/2026-Feb)
- Relevant links: [tenable-com/plugins/search?q=%22February+2026%22+AND+script_family%3A%28%22Windows+%3A+Microsoft+Bulletins%22+OR+%22Windows%22%29&sort=&page=1](https://www.tenable.com/plugins/search?q=%22February+2026%22+AND+script_family%3A%28%22Windows+%3A+Microsoft+Bulletins%22+OR+%22Windows%22%29&sort=&page=1)
---
# Vulnerability: MSHTML Framework Security Feature Bypass (CVE-2026-21513)
## CVE Details
- CVE ID: CVE-2026-21513
- CVSS Score: 8.8 (Important)
- CWE: Not specified
## Affected Systems
- Products: MSHTML Framework
- Versions: Not specified in detail.
- Configurations: Requires an attacker to convince a victim into opening a malicious HTML file or shortcut (.lnk) file.
## Vulnerability Description
A Security Feature Bypass vulnerability in the MSHTML Framework. Successful exploitation allows an attacker to bypass protection prompts designed to caution a user before opening potentially dangerous files.
## Exploitation
- Status: Exploited in the wild and publicly disclosed.
- Complexity: Low (Relies on file opening).
- Attack Vector: Local/Execution (Opening HTML or shortcut files).
## Impact
- Confidentiality: Likely significant (If bypass leads to execution).
- Integrity: Likely significant (If bypass leads to execution).
- Availability: Not explicitly detailed.
## Remediation
### Patches
- Microsoft patch provided in February 2026 release.
### Workarounds
- No specific workarounds detailed other than applying the patch.
## Detection
- Detection methods are generally tied to Tenable plugins released for the February 2026 update.
## References
- Vendor advisories: [msrc.microsoft.com/update-guide/en-us/releaseNote/2026-Feb](https://msrc.microsoft.com/update-guide/en-us/releaseNote/2026-Feb)
- Relevant links: [tenable-com/plugins/search?q=%22February+2026%22+AND+script_family%3A%28%22Windows+%3A+Microsoft+Bulletins%22+OR+%22Windows%22%29&sort=&page=1](https://www.tenable.com/plugins/search?q=%22February+2026%22+AND+script_family%3A%28%22Windows+%3A+Microsoft+Bulletins%22+OR+%22Windows%22%29&sort=&page=1)
---
# Vulnerability: Microsoft Outlook Spoofing Vulnerability (CVE-2026-21511)
## CVE Details
- CVE ID: CVE-2026-21511
- CVSS Score: 7.5 (Important)
- CWE: Deserialization of Untrusted Data
## Affected Systems
- Products: Microsoft Outlook
- Versions: Not specified in detail.
- Configurations: Triggered via a crafted email. The preview pane *is* an attack vector.
## Vulnerability Description
A spoofing vulnerability in Microsoft Outlook resulting from a deserialization of untrusted data flaw. The flaw can be triggered by receiving a crafted email. Microsoft rates exploitation as "More Likely."
## Exploitation
- Status: Not explicitly stated as exploited in the wild, but exploitation is considered "More Likely."
- Complexity: Not specified, but email delivery implies potential low remote complexity.
- Attack Vector: Network (via crafted email).
## Impact
- Confidentiality: Information disclosure possible due to deserialization exploit.
- Integrity: Data manipulation possible.
- Availability: Not explicitly detailed.
## Remediation
### Patches
- Microsoft patch provided in February 2026 release.
### Workarounds
- No specific workarounds detailed other than applying the patch. Ensure users are cautious when opening emails, especially if the patch cannot be applied immediately, though the preview pane is a vector.
## Detection
- Detection methods are generally tied to Tenable plugins released for the February 2026 update.
## References
- Vendor advisories: [msrc.microsoft.com/update-guide/en-us/releaseNote/2026-Feb](https://msrc.microsoft.com/update-guide/en-us/releaseNote/2026-Feb)
- Relevant links: [tenable-com/plugins/search?q=%22February+2026%22+AND+script_family%3A%28%22Windows+%3A+Microsoft+Bulletins%22+OR+%22Windows%22%29&sort=&page=1](https://www.tenable.com/plugins/search?q=%22February+2026%22+AND+script_family%3A%28%22Windows+%3A+Microsoft+Bulletins%22+OR+%22Windows%22%29&sort=&page=1)
---
**General Recommendations:** Microsoft patched a total of 54 CVEs. Due to the presence of **six zero-day vulnerabilities** (including CVE-2026-21510, CVE-2026-21519, and CVE-2026-21514) and three publicly disclosed flaws, immediate patching is strongly advised across all affected environments. Elevation of Privilege (EoP) vulnerabilities accounted for 42.6% of the fixes this month.