Other information and services of the government: www.belgium.be Centre for Cybersecurity Belgium
search

Warning: Microsoft Patch Tuesday February 2026 patches 54 vulnerabilities (2 Critical, 51 Important, 1 Moderate), Patch Immediately!!

Image
Decorative image
Published : 11/02/2026

    * Affected products:
         → .NET
         → Azure
         → Github Copilot
         → Microsoft Exchange Server
         → Microsoft Edge
         → Microsoft Office
         → Power BI
         → Windows

    * Type: Several types, ranging from Information Disclosure to Remote Code Execution and Privilege Escalation.

    * CVE/CVSS:
Microsoft patched 54 vulnerabilities in its February 2026 Patch Tuesday release, 2 rated as critical, 51 rated important. Including 3 0-day vulnerabilities and 6 vulnerabilities that are actively exploited.

  • 11 Remote Code Execution vulnerabilities
  • 23 Elevation of Privilege vulnerabilities
  • 5 Information Disclosure vulnerabilities
  • 7 Spoofing vulnerability
  • 3 Denial of Service vulnerabilities
  • 5 Security Feature Bypass vulnerabilities

Last updated date:11/02/26

Sources

Microsoft

Risks

Microsoft’s February 2026 Patch Tuesday includes 54 vulnerabilities (2 critical, 51 important, 1 moderate and 0 low), for a wide range of Microsoft products, impacting Microsoft Server and Workstations.

This Patch Tuesday includes 6 actively exploited vulnerabilities and 3 0-Days. Some other vulnerabilities are also more likely to be exploited soon, therefore urgent patching is advised.

Description

Microsoft has released multiple patches for vulnerabilities covering a range of their products. These monthly releases are called “Patch Tuesday” and contain security fixes for Microsoft devices and software.

The CCB would like to point your attention to following vulnerabilities:

CVE-2026-21510 - Windows Shell (Actively exploited)

Security Feature Bypass Vulnerability. This actively exploited vulnerability can be used by an attacker to bypass Windows SmartScreen and Windows Shell security prompts to execute code on a target system. User interaction is required since the user needs to be tricked into clicking on a link for shortcut file.

CVE-2026-21514 - Microsoft Word (Actively exploited)

Security Feature Bypass Vulnerability. To exploit this CVE, a user needs to open a malicious Word document. That malicious Word document can bypass protections to dangerous COM/OLE controls which can be used to achieve code execution on the system. The Preview Pane is not affected.

CVE-2026-21519 - Desktop Window Manager (0-day, actively exploited)

Elevation of Privilege Vulnerability. Attackers can use this vulnerability in the DWM to execute code with SYSTEM privileges.

CVE-2026-21533 - Windows Remote Desktop Services (0-day, actively exploited)

Elevation of Privilege Vulnerability. This CVE can be used by an authenticated user to gain SYSTEM level privileges if Windows Remote Desktop Services is running on the machine.

CVE-2026-21513 - MSHTML (Actively exploited)

Security Feature Bypass Vulnerability. To exploit this CVE, an attacker needs to convince a potential victim into opening either a malicious HTML file or a shortcut (.lnk) file. This vulnerability can bypass protection prompts

CVE-2026-21525 - Windows Remote Access Connection Manager (0-day, actively exploited)

Denial of Service Vulnerability. To exploit this CVE, a local unauthorized attacker can cause a null pointer dereference in the Windows Remote Access Connection Manager.

CVE-2026-21511 - Microsoft Outlook (Exploitation more likely)

Spoofing Vulnerability. Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network. An attacker could exploit this spoofing vulnerability by using a specially crafted email to trigger an outbound NTLM authentication attempt to an attacker‑controlled server, resulting in credential disclosure.

Recommended Actions

Patch 
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.

Monitor/Detect 
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via https://ccb.belgium.be/cert/report-incident.

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References

The Register - https://www.theregister.com/2026/02/10/microsofts_valentines_gift_to_admins/
The Hacker News - https://thehackernews.com/2026/02/microsoft-patches-59-vulnerabilities.html
CISA - https://www.cisa.gov/news-events/alerts/2026/02/10/cisa-adds-six-known-exploited-vulnerabilities-catalog
Tenable - https://www.tenable.com/blog/microsofts-february-2026-patch-tuesday-addresses-54-cves-cve-2026-21510-cve-2026-21513
Zero Day Initiative - https://www.zerodayinitiative.com/blog/2026/2/10/the-february-2026-security-update-review