Summary: Microsoft’s February 2026 Patch Tuesday resolves 59 vulnerabilities across Windows, Office, Azure, GitHub Copilot, and other components. February release also resolves 5 vulnerabilities rated “Critical,” including 3 elevation of privilege flaws and two information disclosure bugs.

Elevation of privilege issues once again dominate the update, accounting for nearly half of all vulnerabilities addressed this month.

The February Tuesday patch highlights the importance of any malicious document or link could bypass built-in protections and execute code, giving attackers a foothold inside the system. The exploited CVE’s reveal where security, trust and accountability stop shaping as a tool and become infrastructure that reflects security as prime feature.

OEM	Microsoft
Severity	Critical
Date of Announcement	2026-02-10
No. of Patches	59
Actively Exploited	Yes
Exploited in Wild	Yes
Advisory Version	1.0

Overview 

The update includes 6 exploited zero-days (like CVE-2026-21510 Windows Shell, CVE-2026-21513 MSHTML), two publicly disclosed, two Critical severity flaws like CVE-2026-21531 Azure SDK RCE (CVSS 9.8), and dominant Elevation of Privilege issues. 

Here are the CVE addresses for Microsoft & non-Microsoft:  

• 58 Microsoft CVEs addressed 

• 1 non-Microsoft CVEs addressed (Republished) 

Breakdown of January 2026 Vulnerabilities 

• 23 Elevation of Privilege (EoP) 

• 11 Remote Code Execution (RCE) 

• 5 Information Disclosure 

• 3 Denial of Service (DoS) 

• 5 Security Feature Bypass 

• 7 Spoofing  

• 5 Others 

Vulnerability Name	CVE ID	Product Affected	Severity	CVSS Score
Azure SDK for Python Remote Code Execution Vulnerability	CVE-2026-21531	Azure SDK	Critical	9.8
Azure Front Door (AFD) Remote Code Execution Vulnerability	CVE-2026-24300	Azure Front Door	Critical	9.8
Windows Shell Security Feature Bypass Vulnerability	CVE-2026-21510	Windows Shell	High	8.8
MSHTML Framework Security Feature Bypass Vulnerability	CVE-2026-21513	Internet Explorer/MSHTML	High	8.8
Microsoft Office Word Security Feature Bypass Vulnerability	CVE-2026-21514	Microsoft Office Word	High	7.8
Desktop Window Manager Elevation of Privilege Vulnerability	CVE-2026-21519	Desktop Window Manager	High	7.8
Windows Remote Desktop Services Elevation of Privilege Vulnerability	CVE-2026-21533	Windows Remote Desktop	High	7.8
Windows Remote Access Connection Manager Denial of Service Vulnerability	CVE-2026-21525	Windows Remote Access Connection Manager	Moderate	6.2

Technical Summary 

Microsoft’s February 2026 Patch Tuesday addresses critical flaws across Windows core components, Office apps, Azure cloud services, and developer tools like GitHub Copilot.

Key issues include:

• Security feature bypasses allowing attackers to evade SmartScreen and file warnings via malicious links or documents,
• Elevation of privilege exploits enabling local users to gain SYSTEM-level access through kernel, desktop manager, remote desktop, and storage drivers.
• Remote code execution risks in cloud SDKs and front-door services over network vectors without authentication.
• Denial-of-service vulnerabilities target remote access managers, while spoofing flaws hit Outlook and Exchange via crafted emails exploitable in preview panes. 
• Admins and users must patch immediately so attackers can’t exploit the vulnerability to compromise the system. 

CVE ID	System Affected	Vulnerability Details	Impact
CVE-2026-21531	Azure SDK	Remote code execution over network against Azure SDK for Python with no authentication or privileges required	Remote Code Execution
CVE-2026-24300	Azure Front Door	Improper access control allows unauthenticated privilege escalation remotely over network, compromising configurations and backend resources	Elevation of Privilege
CVE-2026-21510	Windows Shell	Bypasses Windows SmartScreen protections via malicious links or shortcut files, allowing evasion of security warnings	Security Feature Bypass
CVE-2026-21513	MSHTML Framework	Bypasses file opening prompts through malicious HTML documents or .lnk shortcuts, evading user notifications	Security Feature Bypass
CVE-2026-21514	Microsoft Office Word	Bypasses built-in document protections when opening specially crafted Office files, excluding preview pane vector	Security Feature Bypass
CVE-2026-21519	Desktop Window Manager	Local authenticated attacker escalates privileges to SYSTEM level through Desktop Window Manager GUI rendering service	Elevation of Privilege
CVE-2026-21533	Windows Remote Desktop	Local authenticated user escalates to SYSTEM privileges via Windows Remote Desktop Services authentication flaw	Elevation of Privilege
CVE-2026-21525	Windows Remote Access Connection Manager	Denial of service crash in RasMan service handling remote desktop connections, exploited in the wild	Denial of Service

Key Affected Products and Services 

The February 2026 updates address vulnerabilities across: 

• Windows Core Components 

Kernel, HTTP.sys, Hyper-V, GDI+, WinSock, LDAP, Storage, Shell 

• Microsoft Office Suite 

Excel, Word, Outlook  

• Azure & Cloud Services 

SDK, Front Door, Compute Gallery, IoT SDK, HDInsights, Function, Arc 

• Developer/Other 

GitHub Copilot, Visual Studio 

• Others 

Power BI, Defender for Linux, Exchange Server, Notepad 

Remediation: 

• Install the February 2026 Microsoft security updates immediately across all systems. 

Here are some recommendations below  

• Monitor for malicious links/files, SmartScreen bypasses, RDP anomalies, Azure RCE attempts 

• Enforce least-privilege, segment networks, audit Office preview/Exchange configs 

• Deploy EDR/SIEM for kernel/Office/GitHub activity 

Conclusion: 
Microsoft’s February 2026 Patch Tuesday resolves numerous vulnerabilities across Windows components, Office applications, Azure cloud services, and developer tools.

With confirmed exploitation in the wild across multiple zero-days, immediate patching prevents ransomware deployment, lateral movement and full system compromise in enterprise environments. 

Suggestions for Users and Organizations

Applying February’s updates as soon as possible, particularly in enterprise environments where privilege escalation and SmartScreen bypass vulnerabilities pose heightened risk.

Systems exposed to phishing campaigns, remote desktop access, or high-risk user behavior should be prioritized.

Beyond vulnerability fixes, Microsoft has also started a significant infrastructure change tied to Secure Boot. The February updates initiate a phased rollout of new Secure Boot certificates, replacing the original certificates issued in 2011 that are set to expire in late June 2026.

As attackers continue to exploit zero-day vulnerabilities at a steady pace, February’s Patch Tuesday serves as another reminder that timely patching remains one of the most effective defenses against real-world cyber threats.

What are the key pointers CISO’s should implement?

As systems get more autonomous, is governance key factor before initiating any response?

Is it important to decide how a system going to function before vulnerabilities are exploited?

References: 

• https://msrc.microsoft.com/update-guide/releaseNote/2026-Feb 

• https://www.tenable.com/blog/microsofts-february-2026-patch-tuesday-addresses-54-cves-cve-2026-21510-cve-2026-21513 

• https://cybersecuritynews.com/microsoft-patch-tuesday-february-2026/