6 zero-day fixes • The Register
6 zero-day fixes • The Register
https://www.theregister.com/2026/02/10/microsofts_valentines_gift_to_admins/
Publish Date: 2026-02-10 17:10:00
Source Domain: www.theregister.com
What better way to say I love you than with an update? Attackers exploited a whopping six Microsoft bugs as zero-days prior to Redmond releasing software fixes on February’s Patch Tuesday.
For comparison, last month we saw just one Windows vulnerability under attack before the January Patch Tuesday fix.
Of course, then there’s also the emergency patches released because the first try didn’t plug the security hole – but that’s a different story.
As always, Microsoft did not provide any additional details about who attacked these six flaws and how widespread exploitation may be. But considering that three of the six are also listed as publicly disclosed – meaning there may already be proof-of-concept exploits floating around the internet – we expect to see more reports (and details) about active exploitation soon.
Here’s what we do know about the six CVEs under attack, and you can read about all 59 Microsoft CVEs here.
Windows Shell Security Feature Bypass Vulnerability (CVE-2026-21510): Exploiting this bug, which received an 8.8 CVSS rating, requires an attacker to convince a user to open a malicious link or shortcut file – but we all know that most people will click on just about anything, so that’s not difficult to pull off. Once the user opens the malicious link, the attacker can bypass Windows SmartScreen and Windows Shell security prompts to execute code on the victim’s system without user warning or consent.
As Trend Micro Zero Day Initiative’s Dustin Childs warns, “this bug is listed as a security feature bypass, but it could also be classified as code execution … Definitely test and deploy this fix quickly.”
In addition to being marked “exploitation detected,” Microsoft lists this bug as being publicly disclosed.
Internet Explorer Security Feature Bypass Vulnerability (CVE-2026-21513): This bug also…
