6 Zero-Days, All Exploited: Microsoft's February 2026 Patch Tuesday Is a Five-Alarm Fire

Microsoft dropped its February 2026 Patch Tuesday yesterday, and it's a bad one. We're talking 58 vulnerabilities patched across Windows, Office, Azure, and developer tools — with six zero-day flaws that attackers were already exploiting before the patches even existed. Three of them were publicly disclosed before Microsoft could ship a fix. This is not business-as-usual patch management. This is an emergency.

January 2026 was already brutal — 114 vulnerabilities patched, 8 critical flaws, and 3 zero-days including one in the Desktop Window Manager that was actively exploited. February followed up with a haymaker. Smaller patch count, but far more dangerous: six zero-days, all confirmed exploited in the wild, discovered by teams at Microsoft, CrowdStrike, Google Threat Intelligence Group, and Acros Security. When that many major threat intelligence organizations converge on the same batch of bugs, it means coordinated, sophisticated attack campaigns are already in motion.

The Situation: Why This Patch Tuesday Hits Different

Let's put this in perspective. The typical Patch Tuesday drops fixes for a handful of actively exploited vulnerabilities — maybe one or two. Six in a single month is rare. Six that are all being exploited before patches arrive is a five-alarm fire. The flaws hit core Windows components that every enterprise on the planet runs: Windows Shell, MSHTML, Microsoft Word, Desktop Window Manager, Remote Desktop Services, and VPN connection management.

The breakdown of all 58 vulnerabilities tells you what threat actors are focused on right now: 23 elevation-of-privilege flaws, 11 remote code execution bugs, 7 spoofing issues, 5 information disclosure vulnerabilities, 5 security feature bypasses, and 3 denial-of-service flaws. Privilege escalation dominates — accounting for nearly half of the entire patch cycle. That's not an accident. Attackers are already inside networks. What they need is SYSTEM-level access, and February's bugs hand it to them.

Emergency Patch Cycle

With 6 actively exploited zero-days, this is not a standard patching window. If your organization follows a 30-day patch cycle, you need to compress that timeline significantly for these CVEs. Test and deploy now.

The Six Zero-Days: Full Breakdown

Each of these six flaws was confirmed as "Exploitation Detected" by Microsoft at the time of patch release. Here's what they do, who found them, and why they matter.

CVE-2026-21510 — Windows Shell Security Feature Bypass

This one lets attackers bypass Windows SmartScreen and Shell security warning dialogs. In plain terms: a user clicks a malicious link or opens a crafted shortcut file, and Windows doesn't show the usual "this file came from the internet, are you sure?" warning. The attacker's payload runs silently. No consent dialog. No Mark-of-the-Web protection. Just execution.

According to SecPod's analysis, the flaw stems from improper handling of certain crafted file types within Windows Shell components, which suppresses the safety prompts that would normally alert users. This makes it a perfect fit for phishing and malware delivery campaigns. It was discovered jointly by Microsoft Threat Intelligence Center (MSTIC), Microsoft Security Response Center (MSRC), the Office Product Group Security Team, and Google Threat Intelligence Group — the kind of multi-organization attribution that signals widespread exploitation already in progress.

CVE-2026-21513 — MSHTML Framework Security Feature Bypass

This targets the MSHTML/Trident rendering engine — the guts of Internet Explorer that still lurk inside Windows for legacy compatibility. An attacker distributes a manipulated HTML or LNK file that exploits a weakness in how MSHTML handles security boundaries, bypassing protections and potentially enabling code execution. Microsoft shared almost no technical details, a deliberate move typically reserved for vulnerabilities that are already being weaponized in targeted intrusions.

CVE-2026-21514 — Microsoft Word Security Feature Bypass

An attacker sends a malicious Office document. The victim opens it. The document bypasses OLE mitigations in Microsoft 365 and Microsoft Office, allowing unsafe embedded content to execute within trusted Office workflows. If this sounds familiar, it should — Microsoft shipped an emergency out-of-band patch for a similar OLE bypass just weeks ago in January. Same attack pattern, different bug. Threat actors clearly have not moved on from this technique.

"This update addresses a vulnerability that bypasses OLE mitigations in Microsoft 365 and Microsoft Office which protect users from vulnerable COM/OLE control." — Microsoft Security Advisory for CVE-2026-21514

CVE-2026-21519 — Desktop Window Manager Elevation of Privilege

A type confusion flaw in the Desktop Window Manager — the system service that handles window compositing, transparency, and visual effects on every Windows machine since Vista — allows a local attacker to escalate to SYSTEM privileges. This is the second DWM zero-day in as many months. Microsoft patched an exploited DWM flaw (CVE-2026-20805) just last month in January. Threat actors are clearly finding this component a fruitful hunting ground.

CVE-2026-21533 — Windows Remote Desktop Services Elevation of Privilege

This is the one that should make every enterprise admin sweat. An authenticated attacker who has compromised a low-privileged RDP session can exploit this to elevate to SYSTEM, enabling lateral movement, credential harvesting, or persistence. CrowdStrike discovered this one during what appears to be active incident response operations.

"The CVE-2026-21533 exploit binary modifies a service configuration key, replacing it with an attacker-controlled key, which could enable adversaries to escalate privileges to add a new user to the Administrator group." — CrowdStrike Intelligence, reported via Help Net Security

CrowdStrike's assessment gets worse. They believe the public disclosure of this vulnerability will accelerate exploitation efforts, since threat actors and exploit brokers who already possess the exploit binary will now be motivated to monetize it quickly.
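
One way to hunt for the behaviour CrowdStrike describes, a service configuration key being rewritten, is to watch registry value-set events under the Services hive and flag writers that are not the components that normally maintain service definitions. The PowerShell below is an added example, not CrowdStrike's, Microsoft's or this article's code. It assumes Sysmon is installed with registry logging (Event ID 13) and uses constructed sample records; the list of trusted writer processes and the set of watched values are assumptions to tune for your fleet.

```powershell
# Added example (not CrowdStrike's, Microsoft's or the article's code).
# Flags registry writes to service definitions made by processes that do not
# normally maintain them. Record shape follows Sysmon Event ID 13 (RegistryEvent,
# Value Set); the sample records below are constructed for this demonstration.

# Values under a service key that decide what runs and as whom.
$ServiceKeyPattern = '^HKLM\\System\\CurrentControlSet\\Services\\[^\\]+\\(ImagePath|ObjectName|Start|Parameters\\ServiceDll)$'

# Processes that legitimately rewrite service definitions. Assumption: tune per fleet.
$TrustedWriters = @(
    'C:\Windows\System32\services.exe',
    'C:\Windows\servicing\TrustedInstaller.exe',
    'C:\Windows\System32\msiexec.exe',
    'C:\Windows\System32\svchost.exe'
)

function Find-ServiceKeyTampering {
    param([Parameter(Mandatory)] [object[]]$Events)

    foreach ($e in $Events) {
        if ($e.EventId -ne 13) { continue }                        # only "value set" events
        if ($e.TargetObject -notmatch $ServiceKeyPattern) { continue }
        if ($TrustedWriters -contains $e.Image) { continue }       # known maintainers

        $parts = $e.TargetObject -split '\\'
        [pscustomobject]@{
            Time      = $e.UtcTime
            Computer  = $e.Computer
            Service   = $parts[4]
            Value     = $parts[-1]
            NewData   = $e.Details
            Writer    = $e.Image
            WriterPid = $e.ProcessId
            Reason    = 'Service definition changed by a process outside the trusted-writer list'
        }
    }
}

# Converts a live Sysmon record from Get-WinEvent into the field shape used above.
function ConvertFrom-SysmonRecord {
    param([Parameter(Mandatory, ValueFromPipeline)] $Record)
    process {
        $xml  = [xml]$Record.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            EventId      = $Record.Id
            UtcTime      = $data.UtcTime
            Computer     = $Record.MachineName
            Image        = $data.Image
            ProcessId    = $data.ProcessId
            TargetObject = $data.TargetObject
            Details      = $data.Details
        }
    }
}

# Constructed sample: a benign Service Control Manager write, one ImagePath
# rewrite from a user-writable temp directory, and an unrelated process event.
$Sample = @(
    [pscustomobject]@{ EventId = 13; UtcTime = '2026-02-11 14:02:17.101'; Computer = 'WS-042'
        Image = 'C:\Windows\System32\services.exe'; ProcessId = 732
        TargetObject = 'HKLM\System\CurrentControlSet\Services\Spooler\Start'; Details = 'DWORD (0x00000002)' }
    [pscustomobject]@{ EventId = 13; UtcTime = '2026-02-11 14:03:41.557'; Computer = 'WS-042'
        Image = 'C:\Users\jdoe\AppData\Local\Temp\update.exe'; ProcessId = 5120
        TargetObject = 'HKLM\System\CurrentControlSet\Services\TermService\ImagePath'
        Details = 'C:\Users\jdoe\AppData\Local\Temp\svc.exe' }
    [pscustomobject]@{ EventId = 1; UtcTime = '2026-02-11 14:03:42.002'; Computer = 'WS-042'
        Image = 'C:\Users\jdoe\AppData\Local\Temp\svc.exe'; ProcessId = 5188
        TargetObject = $null; Details = $null }
)

# Only the TermService ImagePath rewrite is reported.
Find-ServiceKeyTampering -Events $Sample | Format-Table -AutoSize

# Live use, same logic over the real Sysmon channel:
# Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 13 } |
#     ConvertFrom-SysmonRecord | ForEach-Object { Find-ServiceKeyTampering -Events @($_) }
```

The allow list is deliberately short: Windows Update and third-party installers also touch these values, so expect to extend it after a baseline run, but keep the rule narrow rather than excluding whole directories. Windows Security event 4657 carries the same signal if you enable a SACL on the Services key and prefer not to deploy Sysmon.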

CVE-2026-21525 — Windows Remote Access Connection Manager DoS

A null pointer dereference in the Windows Remote Access Connection Manager (RasMan) allows an unprivileged user to crash the VPN service. The 0patch research team at Acros Security discovered an exploit for this in a public malware repository — meaning it was already being packaged for use by threat actors.

"We found an exploit for this issue in December 2025 in a public malware repository while searching for an exploit for CVE-2025-59230. This issue turned out to be a 0day at the time, so we patched it and reported it to Microsoft. We don't have any information on it having been exploited, but the quality of the combined exploit for both issues suggested professional work." — Mitja Kolsek, CEO of Acros Security, speaking to SecurityWeek

Ryan Braunstein, Security Manager at Automox, laid out the real-world impact during his analysis:

"An attacker with a foothold as a standard, non-admin user can run a small script that crashes the RAS manager service. The attack requires no elevated privileges and can be triggered after initial access through phishing or a malicious browser extension. Organizations relying on always-on VPN connections face a particular risk: if the VPN service crashes, endpoints configured with 'fail close' policies lose network access." — Ryan Braunstein, Security Manager at Automox, reported via Help Net Security

Think about that: a non-admin attacker crashes your corporate VPN service with a small script. Every endpoint with "fail close" VPN policies goes dark. That's a disruption weapon that could hit an entire enterprise.

GitHub Copilot RCE: Your AI Assistant Can Be Weaponized

Beyond the zero-days, Microsoft patched a batch of remote code execution vulnerabilities in GitHub Copilot across Visual Studio Code (CVE-2026-21523), JetBrains IDEs (CVE-2026-21516), and Visual Studio (CVE-2026-21256). The root cause is a command injection flaw that can be triggered through prompt injection — tricking the AI agent into executing malicious commands.

Kev Breen at Immersive broke down why this matters for anyone building with AI-assisted development tools:

"Developers are high-value targets for threat actors, as they often have access to sensitive data such as API keys and secrets that function as keys to critical infrastructure, including privileged AWS or Azure API keys. When organizations enable developers and automation pipelines to use LLMs and agentic AI, a malicious prompt can have significant impact. This does not mean organizations should stop using AI. It does mean developers should understand the risks, teams should clearly identify which systems and workflows have access to AI agents, and least-privilege principles should be applied to limit the blast radius if developer secrets are compromised." — Kev Breen, Immersive, reported via Krebs on Security

This is the real-world manifestation of what the World Economic Forum's Global Cybersecurity Outlook 2026 report flagged: 87% of organizations now rank AI-related vulnerabilities as their fastest-growing cyber risk. It's not theoretical anymore. AI tooling in developer environments is an active attack surface.

The Critical Azure Flaws Nobody's Talking About

The two vulnerabilities rated Critical this month both target Azure Compute Gallery, specifically Azure Container Instances (ACI) Confidential Containers:

CVE             Type                               Impact
CVE-2026-23655  Critical — Information Disclosure  Allows sensitive data leakage from confidential computing workloads in Azure
CVE-2026-21522  Critical — Elevation of Privilege  Enables privilege escalation within container environments running on Azure

Confidential containers are supposed to be the security gold standard for processing sensitive data in the cloud. These flaws undermine that promise entirely. If your organization runs sensitive workloads in Azure confidential computing environments, these need to be at the top of your remediation list.

Additionally, there's an RCE in Microsoft Defender for Endpoint on Linux (CVE-2026-21537) and another RCE in the Azure SDK for Python (CVE-2026-21531). Your security tooling itself is a viable attack vector.

How These Get Chained Together

Here's where it gets ugly. These vulnerabilities don't exist in isolation. Threat actors chain them together into complete kill chains. A realistic attack flow using February's zero-days looks like this:

  1. Initial Access: Attacker sends a phishing email with a crafted link or shortcut file. Victim clicks it. CVE-2026-21510 (Windows Shell bypass) suppresses all SmartScreen warnings. Payload executes silently.
  2. Alternate Initial Access: Attacker sends a malicious Word document. CVE-2026-21514 (Word OLE bypass) lets embedded malicious content execute within trusted Office workflows.
  3. Privilege Escalation: The payload triggers CVE-2026-21519 (Desktop Window Manager type confusion) to escalate from standard user to SYSTEM.
  4. Lateral Movement: With SYSTEM access, the attacker pivots via RDP. CVE-2026-21533 (RDS privilege escalation) lets them maintain SYSTEM-level access across additional hosts.
  5. Disruption: CVE-2026-21525 (RasMan DoS) crashes VPN services across the environment to cut off remote defenders and buy time for data exfiltration.

Every link in that chain was patched on the same Tuesday. That means every link was potentially available to attackers at the same time, which means attack campaigns using some or all of these in combination may already be underway.

Coordinated Discovery

The fact that multiple zero-days were reported by overlapping teams at Microsoft, CrowdStrike, Google Threat Intelligence Group, and Acros Security strongly suggests coordinated campaigns by sophisticated threat actors — possibly nation-state level.

What You Need to Do Right Now

This isn't a "patch this weekend" situation. Here's the priority order:

  1. Patch the six zero-days immediately. These are being exploited right now. If your patching pipeline can't handle emergency cycles, your patching pipeline is broken. CVE-2026-21510, CVE-2026-21513, CVE-2026-21514, CVE-2026-21519, CVE-2026-21525, and CVE-2026-21533 need to go out before the end of the week, full stop.
  2. Patch the two Critical Azure vulnerabilities. CVE-2026-23655 and CVE-2026-21522 affect confidential containers. If you're running sensitive workloads in Azure ACI, these are next in line.
  3. Update GitHub Copilot and development tools. The RCE flaws in Copilot (CVE-2026-21523, CVE-2026-21516, CVE-2026-21256) represent a growing attack surface. Review which systems and CI/CD pipelines have AI agent access, and enforce least-privilege now.
  4. Audit your RDP and VPN configurations. CVE-2026-21533 and CVE-2026-21525 specifically target remote access infrastructure. Confirm that RDP sessions require MFA, verify VPN failover behavior, and check that your "fail close" policies won't brick your endpoints if RasMan crashes.
  5. Brief your users on phishing. Three of the six zero-days (Shell bypass, MSHTML bypass, Word OLE bypass) rely on social engineering as the initial vector. A user has to click something. Make sure they know that the "Are you sure?" dialog might not show up this time.
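
For step 4, the parts that can be checked on the host itself fit in a short audit script. The PowerShell below is an added example, not Microsoft's or this article's code: it reads whether RDP is enabled and requires Network Level Authentication, whether RasMan is configured to restart itself after a crash, and whether a given cumulative update is present. The KB identifier is a placeholder because the article names none, and MFA on RDP is enforced by a gateway or identity provider, so it is not visible from this host-level check.

```powershell
# Added example (not Microsoft's or the article's code). Host-level audit for
# the locally checkable items in step 4. $RequiredKb is a placeholder; RDP MFA
# lives at the gateway or identity provider and cannot be read here.

function Get-RemoteAccessPosture {
    [CmdletBinding()]
    param(
        # Placeholder: substitute the February 2026 cumulative update KB for this build.
        [string]$RequiredKb = 'KB_PLACEHOLDER'
    )

    $findings = New-Object System.Collections.Generic.List[object]
    function Add-Finding($Check, $Ok, $Detail, $Fix) {
        $findings.Add([pscustomobject]@{
            Check  = $Check
            Status = $(if ($Ok) { 'OK' } else { 'REVIEW' })
            Detail = $Detail
            Fix    = $Fix
        })
    }

    # 1. RDP listener and NLA. fDenyTSConnections=1 means RDP is off entirely;
    #    UserAuthentication=1 means the host authenticates the user before a session exists.
    $ts  = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -ErrorAction SilentlyContinue
    $tcp = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -ErrorAction SilentlyContinue
    $rdpOn = ($ts.fDenyTSConnections -eq 0)
    Add-Finding 'RDP listener' (-not $rdpOn) "fDenyTSConnections=$($ts.fDenyTSConnections)" 'Disable RDP where unused; restrict TCP/3389 to jump hosts'
    if ($rdpOn) {
        Add-Finding 'RDP requires NLA' ($tcp.UserAuthentication -eq 1) "UserAuthentication=$($tcp.UserAuthentication)" 'Set UserAuthentication=1 (Require NLA) via GPO'
    }

    # 2. RasMan state and recovery. Without a restart action, the crash described for
    #    CVE-2026-21525 leaves VPN down (and fail-closed endpoints offline) until someone notices.
    $svc = Get-Service -Name RasMan -ErrorAction SilentlyContinue
    if ($null -eq $svc) {
        Add-Finding 'RasMan present' $true 'Service not installed on this host' ''
    } else {
        Add-Finding 'RasMan state' $true "Status=$($svc.Status); StartType=$($svc.StartType)" ''
        $failureCfg = (& sc.exe qfailure RasMan 2>$null) -join "`n"
        $restarts   = $failureCfg -match 'RESTART'
        Add-Finding 'RasMan auto-restart' $restarts $(if ($restarts) { 'Restart action configured' } else { 'No restart action configured' }) 'sc.exe failure RasMan reset= 86400 actions= restart/5000/restart/5000/restart/5000'
    }

    # 3. Patch state via the installed-updates list.
    $hf = Get-HotFix -Id $RequiredKb -ErrorAction SilentlyContinue
    Add-Finding "Update $RequiredKb installed" ($null -ne $hf) $(if ($hf) { "InstalledOn=$($hf.InstalledOn)" } else { 'Not found' }) 'Deploy the February 2026 cumulative update through the emergency patch cycle'

    return $findings
}

Get-RemoteAccessPosture | Format-Table -AutoSize
```

Run it under an elevated session so the service query and registry reads succeed, and collect the output centrally (for example through your EDR's script runner or Invoke-Command) so that a REVIEW on the RasMan restart line or a missing update shows up fleet-wide rather than host by host. A restart action is a mitigation for availability only; it does not address the underlying flaw and the patch still has to go out.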

Also worth noting: Microsoft has started rolling out updated Secure Boot certificates to replace the original 2011 certificates that expire in late June 2026. This is a separate but critical infrastructure update that affects Windows boot integrity. Don't let it get lost in the zero-day chaos.

Key Takeaways

  1. Six zero-days exploited in the wild is not normal. This is one of the most dangerous Patch Tuesdays in recent memory. The coordination between discovery teams at Microsoft, CrowdStrike, Google, and Acros Security points to sophisticated, possibly state-sponsored campaigns already targeting these flaws.
  2. Privilege escalation is the dominant attack vector of 2026. Nearly half of February's patches address EoP flaws. Attackers are already inside your network. They're looking for SYSTEM. These bugs give it to them.
  3. AI development tools are now an active attack surface. Prompt injection leading to RCE in GitHub Copilot is not a thought experiment anymore. If your developers use AI agents, you need security controls around those agents yesterday.
  4. Your VPN infrastructure is a target. The RasMan DoS vulnerability lets a non-admin user crash corporate VPN services with a simple script. If your VPN policies fail closed, that's a denial-of-service against your own workforce.
  5. Patch velocity is now a survival metric. When exploits are discovered in public malware repositories before patches ship, the window between "vulnerable" and "compromised" is measured in hours, not days.

The Check Point Cyber Security Report 2026 put it bluntly: attacks have moved beyond isolated methods to coordinated campaigns that combine AI, identity abuse, ransomware, edge infrastructure, and social engineering — and they move faster than most security programs are designed to handle. February's Patch Tuesday is exactly that scenario playing out in real time. Patch now. Brief your teams. Verify your controls. The attackers already have a head start.
