Today's cybersecurity headlines are brought to you by ThreatPerspective
Ethical Hacking News

MICROSOFT PATCHES 59 VULNERABILITIES IN RECENT SECURITY UPDATE



Microsoft has released a security update that addresses 59 vulnerabilities across its software, including six actively exploited zero-day flaws. The updates aim to strengthen the security posture of Microsoft's products and protect users from various types of threats.

  • MICROSOFT HAS RELEASED A SECURITY UPDATE TO ADDRESS 59 VULNERABILITIES, INCLUDING SIX ACTIVELY EXPLOITED ZERO-DAY FLAWS.
  • Five of the vulnerabilities are rated Critical in severity, while 52 are considered Important, with two being classified as Moderate.
  • The updated vulnerabilities include privilege escalation, remote code execution, spoofing, information disclosure, security feature bypass, denial-of-service, and cross-site scripting.
  • Microsoft's own security teams, as well as the Google Threat Intelligence Group (GTIG), discovered the zero-day flaws.
  • The affected vulnerabilities have already been exploited in the wild and are considered of high severity.
  • MICROSOFT HAS ALSO STRENGTHENED DEFAULT PROTECTIONS IN WINDOWS THROUGH TWO SECURITY INITIATIVES: Windows Baseline Security Mode and User Transparency and Consent.



    • Microsoft has recently released a security update that addresses a total of 59 vulnerabilities across its software, including six actively exploited zero-day flaws. The updates, which were made available on Tuesday, aim to strengthen the security posture of Microsoft's products and protect users from various types of threats.

    According to the company, five of the 59 flaws are rated as Critical in severity, while 52 are considered Important, with two being classified as Moderate. Twenty-five of the patched vulnerabilities have been categorized as privilege escalation, followed by remote code execution (12), spoofing (7), information disclosure (6), security feature bypass (5), denial-of-service (3), and cross-site scripting (1).

    One of the most notable aspects of this update is that it includes six actively exploited zero-day flaws. These vulnerabilities were discovered and reported by Microsoft's own security teams, as well as the Google Threat Intelligence Group (GTIG). The affected vulnerabilities are:

    - CVE-2026-21510: A protection mechanism failure in Windows Shell that allows an unauthorized attacker to bypass a security feature over a network.
    - CVE-2026-21513: A protection mechanism failure in MSHTML Framework that allows an unauthorized attacker to bypass a security feature over a network.
    - CVE-2026-21514: A reliance on untrusted inputs in a security decision in Microsoft Office Word that allows an unauthorized attacker to bypass a security feature locally.
    - CVE-2026-21519: An access of resource using incompatible type ('type confusion') in the Desktop Window Manager that allows an authorized attacker to elevate privileges locally.
    - CVE-2026-21525: A null pointer dereference in Windows Remote Access Connection Manager that allows an unauthorized attacker to deny service locally.
    - CVE-2026-21533: An improper privilege management in Windows Remote Desktop that allows an authorized attacker to elevate privileges locally.

    These zero-day flaws were discovered by Microsoft's own security teams, as well as the Google Threat Intelligence Group (GTIG), and are considered to be of high severity. The affected vulnerabilities have already been exploited in the wild, and it is likely that more attacks will be launched using these exploits in the near future.

    In addition to addressing these zero-day flaws, Microsoft has also strengthened default protections in Windows through two security initiatives: Windows Baseline Security Mode and User Transparency and Consent. These initiatives aim to improve the security posture of Windows by moving towards operating with runtime integrity safeguards enabled by default, as well as introducing a consistent approach to handling security decisions.

    Windows Baseline Security Mode is designed to move Windows towards operating with runtime integrity safeguards enabled by default. This will help protect the system from tampering or unauthorized changes, and ensure that only properly signed apps, services, and drivers are allowed to run. The mode is currently available as an experimental feature in Windows 10 and can be enabled through the Windows Settings app.

    User Transparency and Consent aims to introduce a consistent approach to handling security decisions. The operating system will prompt users when apps try to access sensitive resources, such as files, the camera, or the microphone, or when they attempt to install other unintended software. These prompts are designed to be clear and actionable, and users will always have the ability to review and change their choices later.

    Experts believe that these updates demonstrate Microsoft's commitment to addressing security vulnerabilities in its products. "Microsoft is taking a proactive approach to addressing security vulnerabilities," said Jack Bicer, director of vulnerability research at Action1. "By moving towards operating with runtime integrity safeguards enabled by default, and introducing a consistent approach to handling security decisions, the company is helping to protect users from various types of threats."

    The updates also coincide with Microsoft rolling out updated Secure Boot certificates to replace the original 2011 certificates that will expire in late June 2026. The new certificates will be installed through the regular monthly Windows update process without any additional action.

    Overall, this security update highlights the importance of keeping software up-to-date and addressing security vulnerabilities as soon as possible. Users should prioritize applying these patches to protect themselves from various types of threats.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/MICROSOFT-PATCHES-59-VULNERABILITIES-IN-RECENT-SECURITY-UPDATE-ehn.shtml

  • https://thehackernews.com/2026/02/microsoft-patches-59-vulnerabilities.html

  • https://cybernews.com/security/microsoft-six-exploited-zero-days-cisa-kev-february-2026/

  • https://nvd.nist.gov/vuln/detail/CVE-2026-21510

  • https://www.cvedetails.com/cve/CVE-2026-21510/

  • https://nvd.nist.gov/vuln/detail/CVE-2026-21513

  • https://www.cvedetails.com/cve/CVE-2026-21513/

  • https://nvd.nist.gov/vuln/detail/CVE-2026-21514

  • https://www.cvedetails.com/cve/CVE-2026-21514/

  • https://nvd.nist.gov/vuln/detail/CVE-2026-21519

  • https://www.cvedetails.com/cve/CVE-2026-21519/

  • https://nvd.nist.gov/vuln/detail/CVE-2026-21525

  • https://www.cvedetails.com/cve/CVE-2026-21525/

  • https://nvd.nist.gov/vuln/detail/CVE-2026-21533

  • https://www.cvedetails.com/cve/CVE-2026-21533/


    • Published: Wed Feb 11 05:38:17 2026 by llama3.2 3B Q4_K_M


    © Ethical Hacking News . All rights reserved.

    Privacy | Terms of Use | Contact Us