Microsoft reports six actively exploited zero days in Patch Tuesday

Microsoft fixed a total of 58 vulnerabilities during Patch Tuesday in February 2026. That is fewer than in many other months. It is striking that six of these vulnerabilities were already being actively exploited before a security update was available. This means that more than ten percent of the patched vulnerabilities had already been exploited at the time of publication.

The details have been published via the Microsoft Security Response Center and the accompanying Security Update Guide. According to Microsoft, the following zero days were actively exploited:

CVE-2026-21510, a security feature bypass in Windows Shell
CVE-2026-21513, a security feature bypass in the MSHTML framework
CVE-2026-21514, a security feature bypass in Microsoft Word
CVE-2026-21519, a privilege escalation vulnerability in Desktop Window Manager
CVE-2026-21525, a denial-of-service vulnerability in Remote Access Connection Manager
CVE-2026-21533, a privilege escalation vulnerability in Remote Desktop Services

The first three vulnerabilities had already been publicly disclosed before the patches were released. This usually increases the likelihood of rapid exploitation, as technical details are often already circulating within the security community.

In total, Microsoft resolved 25 privilege escalation vulnerabilities, 12 vulnerabilities that enable remote code execution, 7 spoofing bugs, 6 information disclosure vulnerabilities, 5 security feature bypasses, and 3 denial-of-service vulnerabilities this month. Privilege escalation is once again the largest category in this patch round.

Microsoft released update KB5077181 for Windows 11 24H2 and 25H2. KB5075912 was released for Windows 10. The latter update is intended for systems participating in the Extended Security Updates program.

New Secure Boot certificates

Microsoft has also released new Secure Boot certificates. The company previously warned that existing certificates would expire in June. The new certificates are intended to prevent compatibility and startup issues in the future.

Microsoft advises organizations to install the updates as soon as possible, particularly because of the actively exploited zero days. Given the relatively high percentage of vulnerabilities that have already been exploited, security experts say this round of patches underscores the importance of strict patch management and additional security measures such as restricting user rights and monitoring suspicious activity.