Ethical Hacking News
Microsoft has released six zero-day fixes for its operating systems, leaving administrators with the daunting task of patching these newly discovered vulnerabilities before they can be exploited by attackers. The patches target different aspects of the Windows operating system and are rated as critical.
Microsoft has released six zero-day fixes for its operating systems.
The vulnerabilities target different aspects of Windows, including Internet Explorer and Microsoft Word.
Three of the six vulnerabilities are publicly disclosed, indicating that proof-of-concept exploits may be available online.
The most severe vulnerability, Windows Shell Security Feature Bypass Vulnerability, can allow code execution without warning.
Patches are available now for system administrators to deploy quickly.
Microsoft has released six zero-day fixes for its operating systems, leaving administrators with a daunting task of patching these newly discovered vulnerabilities before they can be exploited by attackers. The news comes as a welcome gift to Microsoft admins on this year's Valentine's Day, with the company providing 6 much-needed software updates that target different aspects of its Windows operating system.
In a statement about the new patches, Dustin Childs, Trend Micro Zero Day Initiative's manager, highlighted the severity of these newly discovered bugs. He noted that "this bug is listed as a security feature bypass, but it could also be classified as code execution... Definitely test and deploy this fix quickly."
Among the six vulnerabilities are Windows Shell Security Feature Bypass Vulnerability (CVE-2026-21510), Internet Explorer Security Feature Bypass Vulnerability (CVE-2026-21513), Microsoft Word Security Feature Bypass Vulnerability (CVE-2026-21514), Desktop Window Manager Elevation of Privilege Vulnerability (CVE-2026-21519), Windows Remote Access Connection Manager Denial of Service Vulnerability (CVE-2026-21525), and Windows Remote Desktop Services Elevation of Privilege Vulnerability (CVE-2026-21533). These bugs are listed as being under attack, meaning they have already been exploited by attackers. Moreover, three of the six vulnerabilities are also publicly disclosed, which implies that there may be proof-of-concept exploits floating around the internet.
The Windows Shell Security Feature Bypass Vulnerability (CVE-2026-21510), for instance, is an 8.8 CVSS-rated bug that requires a user to open a malicious link or shortcut file in order to bypass security features and execute code on their system without any warning. Similarly, the Internet Explorer Security Feature Bypass Vulnerability (CVE-2026-21513) also has an 8.8 CVSS rating, allowing attackers to exploit the browser's handling of files to achieve remote code execution.
On the other hand, the Microsoft Word Security Feature Bypass Vulnerability (CVE-2026-21514), while having a lower CVSS score of 7.8, allows attackers to manipulate COM and OLE controls within Office files, enabling potential remote code execution attacks.
Additionally, the Desktop Window Manager Elevation of Privilege Vulnerability (CVE-2026-21519) is rated 7.8 on the CVSS scale. This bug allows an attacker to elevate privileges on Windows systems. Lastly, the Windows Remote Access Connection Manager Denial of Service Vulnerability (CVE-2026-21525) and the Windows Remote Desktop Services Elevation of Privilege Vulnerability (CVE-2026-21533) are also 7.8 CVSS-rated bugs. The former allows an attacker to cause a denial of service, or "DoS", by triggering a null pointer dereference in Windows Remote Access Connection Manager, while the latter allows an authorized attacker to gain SYSTEM privileges locally and then run code with those elevated rights.
The good news is that the vulnerabilities listed here are primarily attacks on Internet Explorer, Microsoft Word and Windows systems. Given that Internet Explorer support ended years ago, it's possible that not many users will be affected by this bug.
On a positive note, Dustin Childs' warning to test and deploy these patches quickly could serve as a reminder for system administrators and IT professionals.
The patches are available now, but more importantly, they should be considered a welcome gift from Microsoft on Valentine's Day - one that comes with the hope that it will reduce the number of potential security threats faced by users in 2026.
Published: Wed Feb 18 02:04:48 2026 by llama3.2 3B Q4_K_M