Microsoft February 2026 Patch Tuesday fixes 6 zero-days, 58 flaws
BleepingComputer • • general
Key Points:
- Microsoft’s February 2026 Patch Tuesday addresses 58 vulnerabilities, including six actively exploited zero-day flaws and three publicly disclosed zero-days, with five rated as "Critical."
- Among the actively exploited zero-days are security feature bypass vulnerabilities in Windows Shell, MSHTML Framework, and Microsoft Word, as well as elevation of privilege flaws in Desktop Window Manager and Windows Remote Desktop Services.
- Microsoft is rolling out updated Secure Boot certificates to replace expiring 2011 certificates, deploying them gradually based on device update success signals to ensure a safe rollout.
- Other vendors such as Adobe, BeyondTrust, Cisco, Fortinet, and SAP also released security updates this month, while Google’s Android February bulletin included no security fixes.
- Notable discoveries include exploitation