Microsoft Patch Tuesday matches last year’s zero-day high with six actively exploited vulnerabilities
https://cyberscoop.com/microsoft-patch-tuesday-february-2026/
Publish Date: 2026-02-10 15:50:00
Source Domain: cyberscoop.com
Microsoft’s latest security update is littered with zero-day vulnerabilities, actively exploited defects that account for more than 10% of the total CVEs the vendor addressed in this month’s Patch Tuesday update.
The vendor addressed 59 vulnerabilities affecting its various products for business operations and underlying systems, including six defects that were actively exploited prior to Microsoft’s release of its monthly batch of patches. Microsoft said three of the exploited vulnerabilities were publicly known, suggesting attackers already had details about the defects prior to Tuesday’s release.
“The number of bugs under active attack is extraordinarily high,” Dustin Childs, head of threat awareness at Trend Micro’s Zero Day Initiative, said in a blog post.
Microsoft’s February security update matched the high it reached last March when it disclosed six actively exploited zero-days.
The highest rated zero-days, a pair of defects with CVSS ratings of 8.8, include CVE-2026-21510 affecting Windows Shell and CVE-2026-21513 affecting Internet Explorer. Both vulnerabilities require user interaction and could allow attackers to execute code.
Mike Walters, president and co-founder of Action1, said CVE-2026-21510 is caused by a protection mechanism failure that allows an attacker to bypass Windows protections by tricking a user into clicking a single malicious link.
“Functional exploit techniques exist, demonstrating reliable bypass of Windows Shell and SmartScreen security prompts through crafted links or shortcut files. No privileges are required by the attacker, making this vulnerability highly attractive for phishing-based attacks,” Walters said in a blog post.
The remaining zero-days include three defects with CVSS ratings of 7.8: CVE-2026-21514 affecting Microsoft Office Word, CVE-2026-21519 affecting Desktop Window Manager, and CVE-2026-21533 affecting Windows Remote Desktop. CVE-2026-21525, which affects…