
Microsoft Issues Six Zero‑Day Patches in February 2026, Including Exploited Windows Shell Bypass

Microsoft’s February 2026 Patch Tuesday delivered fixes for over 50 vulnerabilities, notably six zero‑day flaws already being leveraged in the wild. The bugs affect Windows Shell, MSHTML, Word, Remote Desktop Services, DWM, and VPN connectivity, creating urgent remediation needs for any organization that relies on Microsoft software.

LiveThreat™ Intelligence · April 06, 2026 · krebsonsecurity.com
Severity: Critical · Type: Vulnerability · Confidence: High · Affected: 2 sector(s) · Actions: 4 recommended · Source: krebsonsecurity.com

What Happened — Microsoft released its February 2026 Patch Tuesday, delivering fixes for more than 50 vulnerabilities and six actively‑exploited zero‑day flaws across Windows, Office, Remote Desktop Services, and AI‑assisted development tools. The zero‑days span security‑feature bypasses, privilege‑escalation paths, and a denial‑of‑service condition.

Why It Matters for TPRM

  • Unpatched Windows endpoints used by third‑party vendors remain a high‑value attack surface.
  • Exploited zero‑days can lead to credential theft, lateral movement, and disruption of remote‑access services that many suppliers rely on.
  • AI‑related code‑execution bugs expose development pipelines that handle API keys and other privileged secrets.

Who Is Affected — Enterprises across all sectors that run supported Windows versions, use Microsoft Office, rely on Remote Desktop/VPN for vendor access, or embed GitHub Copilot/VS Code in developer workflows.

Recommended Actions

  • Deploy the February 2026 patches immediately on all Windows and Office installations.
  • Verify that remote‑desktop and VPN gateways are patched against the Remote Desktop Services (CVE‑2026‑21533) and Remote Access Connection Manager (CVE‑2026‑21525) zero‑days.
  • Review AI‑assisted development environments for prompt‑injection risks and enforce least‑privilege for API keys.
  • Conduct a rapid inventory of third‑party assets that may still be on vulnerable versions and require forced updates.

Technical Notes

  • CVE‑2026‑21510: Windows Shell security‑feature bypass; single‑click execution of attacker‑controlled content.
  • CVE‑2026‑21513: MSHTML rendering engine bypass in the default Windows browser.
  • CVE‑2026‑21514: Microsoft Word feature bypass.
  • CVE‑2026‑21533: Local privilege escalation to SYSTEM via Remote Desktop Services.
  • CVE‑2026‑21519: Elevation‑of‑privilege in Desktop Window Manager.
  • CVE‑2026‑21525: Denial‑of‑service in Remote Access Connection Manager (VPN).
  • Additional RCE fixes for GitHub Copilot, VS Code, Visual Studio, and JetBrains IDEs (CVE‑2026‑21516, CVE‑2026‑21523, CVE‑2026‑21256) address command‑execution flaws triggered through prompt injection.

Source: Krebs on Security – Patch Tuesday, February 2026 Edition (https://krebsonsecurity.com/2026/02/patch-tuesday-february-2026-edition/)

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.
