Microsoft Patch Tuesday matches last year’s zero-day high with six actively exploited vulnerabilities

Source: CyberScoop

Author: Matt Kapko

URL: https://cyberscoop.com/microsoft-patch-tuesday-february-2026/

ONE SENTENCE SUMMARY:

Microsoft’s latest patch addresses 59 vulnerabilities, including six actively exploited zero-days, posing significant security risks to users.

MAIN POINTS:

1. Microsoft released updates addressing 59 total vulnerabilities in its products.
2. Six vulnerabilities were actively exploited before the Patch Tuesday release.
3. Three exploited vulnerabilities were publicly known prior to the updates.
4. CVE-2026-21510 and CVE-2026-21513 have CVSS ratings of 8.8, requiring user interaction.
5. CVE-2026-21510 involves bypassing Windows protections via a malicious link.
6. Microsoft patched vulnerabilities also ranked at CVSS 7.8 and 6.2.
7. CVE-2026-21514 and others are security feature bypasses, increasing user risk.
8. Cybersecurity and Infrastructure Security Agency listed all six zero-days in its catalog.
9. Two separate critical vulnerabilities, each rated at 9.8, affect Azure services.
10. Majority of the defects fall under the high-severity category, with 43 vulnerabilities.

TAKEAWAYS:

1. Active exploitation of zero-day vulnerabilities highlights urgent patch necessity.
2. Vulnerabilities pose high risks, with significant potential for phishing attacks.
3. Exploited vulnerabilities often bypass familiar security prompts.
4. Azure-related critical vulnerabilities indicate cloud service risks.
5. Users must stay vigilant and update systems promptly to mitigate threats.