Microsoft Patched Six Zero-Day Vulnerabilities in Windows 11

Install the latest update ASAP.
February 17, 2026 / meritsolutions

On February 10, Microsoft released its Patch Tuesday update for February. The company typically releases this update on the second Tuesday of each month, issuing patches for all of the security vulnerabilities it has fixed since its previous update. This month's update, however, is particularly important, as Microsoft patched six zero-day vulnerabilities.

According to Bleeping Computer, the update includes 58 patches in total, including the following:

  • 25 Elevation of Privilege vulnerabilities
  • 5 Security Feature Bypass vulnerabilities
  • 12 Remote Code Execution vulnerabilities
  • 6 Information Disclosure vulnerabilities
  • 3 Denial of Service vulnerabilities
  • 7 Spoofing vulnerabilities

While all of these updates are important, six of them are essential. That’s because zero-days are vulnerabilities that are publicly disclosed or exploited before a company, like Microsoft, has a chance to issue a patch. As such, these six flaws pose an immediate threat to users. These include:

  • CVE-2026-21510—Windows Shell Security Feature Bypass Vulnerability: “An attacker could bypass Windows SmartScreen and Windows Shell security prompts by exploiting improper handling in Windows Shell components, allowing attacker‑controlled content to execute without user warning or consent.”
  • CVE-2026-21513—MSHTML Framework Security Feature Bypass Vulnerability: “Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.”
  • CVE-2026-21514—Microsoft Word Security Feature Bypass Vulnerability: “An attacker must send a user a malicious Office file and convince them to open it. This update addresses a vulnerability that bypasses OLE mitigations in Microsoft 365 and Microsoft Office which protect users from vulnerable COM/OLE control.”
  • CVE-2026-21519—Desktop Window Manager Elevation of Privilege Vulnerability: “An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.”
  • CVE-2026-21525—Windows Remote Access Connection Manager Denial of Service Vulnerability: “Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally.”
  • CVE-2026-21533—Windows Remote Desktop Services Elevation of Privilege Vulnerability: “Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.”

It’s important to update your PC as soon as possible to apply these patches.
