Ethical Hacking News
In a significant move, Microsoft has released its latest security update addressing 59 vulnerabilities across its software, including six actively exploited zero-days that have garnered significant attention from cybersecurity experts. Organizations must act swiftly to patch their systems before the deadline to avoid potential security breaches.
MICROSOFT HAS RELEASED SECURITY UPDATES ADDRESSING 59 VULNERABILITIES ACROSS ITS SOFTWARE. Six vulnerabilities have been flagged as actively exploited zero-days, posing significant concerns for organizations and individuals. The vulnerability list includes five Critical, 52 Important, and two Moderate in severity. Twenty-five vulnerabilities fall under the category of privilege escalation, followed by remote code execution (12), spoofing (7), and more. Cybersecurity experts are watching six actively exploited zero-days, including CVE-2026-21510 and CVE-2026-21513. The US Cybersecurity and Infrastructure Security Agency has added the vulnerabilities to its Known Exploited Vulnerabilities catalog. MICROSOFT HAS ROLLED OUT UPDATED CERTIFICATES AND STRENGTHENED DEFAULT PROTECTIONS IN WINDOWS.
Microsoft has released its latest security updates, addressing a staggering 59 vulnerabilities across its software. Among these, six have been flagged as actively exploited zero-days, posing significant concerns for organizations and individuals alike.
The vulnerability list includes five rated Critical, 52 Important, and two Moderate in severity. Twenty-five of the patched vulnerabilities fall under the category of privilege escalation, followed by remote code execution (12), spoofing (7), information disclosure (6), security feature bypass (5), denial-of-service (3), and cross-site scripting (1).
The six actively exploited zero-days have garnered significant attention from cybersecurity experts.CVE-2026-21510 is a protection mechanism failure in Windows Shell that allows an unauthorized attacker to bypass a security feature over a network, with a CVSS score of 8.8. CVE-2026-21513 is another security feature bypass vulnerability in the Microsoft MSHTML Framework, a core component used by Windows and multiple applications to render HTML content. The latter has been caused by a protection mechanism failure that allows attackers to bypass execution prompts when users interact with malicious files.
CVE-2026-21514 bears significant similarities with CVE-2026-21513, differing only in its exploitability via Microsoft Office files. CVE-2026-21519 and CVE-2026-21533 are local privilege escalation vulnerabilities that allow an attacker to elevate privileges locally on a vulnerable host. These flaws could occur through malicious attachments or remote code execution vulnerabilities.
Cybersecurity vendor CrowdStrike has stated that it does not attribute the exploitation activity to a specific adversary; however, threat actors in possession of the exploit binaries will likely ramp up their efforts to use or sell them in the near term. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added all six vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by March 3, 2026.
Furthermore, Microsoft has rolled out updated Secure Boot certificates to replace the original 2011 certificates that will expire in late June 2026. The new certificates will be installed through the regular monthly Windows update process without any additional action. However, a device not receiving these updates before expiration may enter a degraded security state, limiting its ability to receive future boot-level protections.
In tandem with these patches, Microsoft has strengthened default protections in Windows through two security initiatives: Windows Baseline Security Mode and User Transparency and Consent. With Windows Baseline Security Mode enabled by default, runtime integrity safeguards will be applied to protect the system from tampering or unauthorized changes. The User Transparency and Consent initiative aims to introduce a consistent approach to handling security decisions, prompting users when apps try to access sensitive resources.
These updates come under the purview of Microsoft's Secure Future Initiative and Windows Resiliency Initiative. As such, organizations are advised to apply these patches and stay vigilant against potential exploitation by threat actors.
Related Information:
https://www.ethicalhackingnews.com/articles/Miccosmiths-Massive-Patching-59-Vulnerabilities-Including-Six-Actively-Exploited-Zero-Days-ehn.shtml
https://thehackernews.com/2026/02/microsoft-patches-59-vulnerabilities.html
https://www.newsbreak.com/news/4487838946669-microsoft-patches-59-vulnerabilities-including-six-actively-exploited-zero-days
https://nvd.nist.gov/vuln/detail/CVE-2026-21510
https://www.cvedetails.com/cve/CVE-2026-21510/
https://nvd.nist.gov/vuln/detail/CVE-2026-21513
https://www.cvedetails.com/cve/CVE-2026-21513/
https://nvd.nist.gov/vuln/detail/CVE-2026-21514
https://www.cvedetails.com/cve/CVE-2026-21514/
https://nvd.nist.gov/vuln/detail/CVE-2026-21519
https://www.cvedetails.com/cve/CVE-2026-21519/
https://nvd.nist.gov/vuln/detail/CVE-2026-21533
https://www.cvedetails.com/cve/CVE-2026-21533/
Published: Wed Feb 18 19:35:33 2026 by llama3.2 3B Q4_K_M
