Microsoft Patches 6 Actively Exploited Zero-Days in February Security Update

Microsoft's Patch Tuesday tackles six exploited vulnerabilities, including three zero-days in Windows and Office, demanding urgent updates.

By Content Team

Feb 11, 2026

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

Microsoft's February Patch Tuesday isn't routine maintenance—it's active defense. Attackers are already exploiting six of the 59 disclosed vulnerabilities, making immediate patching critical.

Three zero-days bypass security features in Windows and Office products. CVE-2026-21510 lets attackers slip past SmartScreen protections, while CVE-2026-21513 affects the MSHTML framework and CVE-2026-21514 targets Word documents. All require user interaction but can execute malicious code without warnings.

Two additional zero-days enable privilege escalation to admin-level access, and another causes denial-of-service attacks. Microsoft even issued an emergency out-of-band patch for a similar Office vulnerability in January.

Security experts warn these bypass vulnerabilities dramatically increase phishing and malware campaign success rates, especially dangerous given the widespread use of affected components like Word and Windows Shell.

Source: Dark Reading

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

Critical WinRAR Vulnerability Under Active Attack by Russian, Chinese, and Criminal Groups

Jan 29, 2026

M&S Cyber Attack Chaos Leaves More Questions Than Answers

Feb 18, 2026

UK Companies in Middle East Face Rising Cyber Threats from Iran

Mar 3, 2026

North Korea's Lazarus Group Is Now Targeting Mac Users With a Sneaky New Trick

Apr 25, 2026