Report Name: Microsoft Patch Tuesday, February 2026
Generated: 2026-02-10 23:13:06

Product Name	Prevalence	U	C	H	M	L	A	Comment
Windows Kernel	0.9				4		4	Windows Kernel
Windows NTLM	0.9				1		1	A suite of security protocols to authenticate users' identity and protect the integrity and confidentiality of their activity
GDI+	0.8				1		1	GDI+
Microsoft Exchange	0.8				1		1	Microsoft Exchange Server is a mail server and calendaring server developed by Microsoft
Windows Ancillary Function Driver for WinSock	0.8				3		3	Windows component
Windows App for Mac Installer	0.8				1		1	Windows component
Windows Connected Devices Platform Service	0.8				1		1	Windows component
Windows Graphics Component	0.8				2		2	Windows component
Windows HTTP.sys	0.8				3		3	Windows component
Windows Lightweight Directory Access Protocol (LDAP)	0.8				1		1	Windows component
Windows Notepad App	0.8			1			1	Windows component
Windows Remote Access Connection Manager	0.8			1			1	Windows component
Windows Remote Desktop Services	0.8		1				1	Remote Desktop Services, known as Terminal Services in Windows Server 2008 and earlier, is one of the components of Microsoft Windows that allow a user to initiate and control an interactive session on a remote computer or virtual machine over a network connection
Windows Shell	0.8		1				1	Windows component
Windows Storage	0.8				1		1	Windows component
Windows Subsystem for Linux	0.8				2		2	Windows component
.NET	0.7				1		1	.NET
Microsoft Excel	0.6				3		3	MS Office product
Microsoft Outlook	0.6				2		2	Microsoft Outlook is a personal information manager software system from Microsoft, available as a part of the Microsoft 365 software suites
Microsoft Word	0.6		1				1	Microsoft Word is a widely used commercial word processor developed by Microsoft. It is a component of the Microsoft Office suite of productivity software but can also be purchased as a standalone product.
Windows Hyper-V	0.6				4		4	Hardware virtualization component of the client editions of Windows NT
Azure DevOps Server	0.5				1		1	Azure DevOps Server
Azure HDInsight	0.5				1		1	Azure HDInsight
Azure IoT Explorer	0.5				1		1	Azure IoT Explorer
Azure Local	0.5				1		1	Azure Local
Azure SDK for Python	0.5				1		1	Azure SDK for Python
Cluster Client Failover (CCF)	0.5				1		1	Cluster Client Failover (CCF)
Desktop Window Manager	0.5			1			1	Desktop Window Manager
GitHub Copilot and Visual Studio	0.5				2		2	GitHub Copilot and Visual Studio
GitHub Copilot and Visual Studio Code	0.5				2		2	GitHub Copilot and Visual Studio Code
GitHub Copilot for Jetbrains	0.5				1		1	GitHub Copilot for Jetbrains
MSHTML Framework	0.5			1			1	MSHTML Framework
Mailslot File System	0.5				1		1	Mailslot File System
Microsoft ACI Confidential Containers	0.5				2		2	Microsoft ACI Confidential Containers
Microsoft Defender for Endpoint Linux Extension	0.5				1		1	Microsoft Defender for Endpoint Linux Extension
libjpeg	0.5			1			1	libjpeg
Power BI	0.3				1		1	Power BI is a business analytics service by Microsoft

Vulnerability Type	Criticality	U	C	H	M	L	A
Remote Code Execution	1.0			1	10		11
Security Feature Bypass	0.9		2	1	2		5
Elevation of Privilege	0.85		1	1	21		23
Information Disclosure	0.83				5		5
Cross Site Scripting	0.8				1		1
Denial of Service	0.7			2	2		4
Spoofing	0.4				6		6

Source	U	C	H	M	L	A
Tenable		3	4	1		8
ZDI		3	3			6

Urgent (0)

Critical (3)

1. Security Feature Bypass - Windows Shell (CVE-2026-21510) - Critical [736]

Description: Windows Shell Security Feature Bypass Vulnerability

Tenable: Microsoft’s February 2026 Patch Tuesday Addresses 54 CVEs (CVE-2026-21510, CVE-2026-21513)

Tenable: CVE-2026-21510 | Windows Shell Security Feature Bypass Vulnerability

Tenable: CVE-2026-21510 is a security feature bypass vulnerability affecting Windows Shell. It was assigned a CVSSv3 score of 8.8 and was rated as important. According to Microsoft, this flaw was publicly disclosed prior to a patch being made available and was also exploited in the wild as a zero-day. Exploitation requires an attacker to convince an unsuspecting user to open a malicious link or shortcut file. This would allow the attacker to bypass Windows SmartScreen and Windows Shell warnings by exploiting a flaw in Windows Shell components.

ZDI: CVE-2026-21510 - Windows Shell Security Feature Bypass Vulnerability. This bug is listed as a security feature bypass, but it could also be classified as code execution. An attacker can bypass Windows SmartScreen and Windows Shell security prompts to execute code on a target system. This bug is also listed as publicly known, but Microsoft doesn’t say where. There is user interaction here, as the client needs to click a link or a shortcut file. Still, a one-click bug to gain code execution is a rarity. Definitely test and deploy this fix quickly.

2. Elevation of Privilege - Windows Remote Desktop Services (CVE-2026-21533) - Critical [716]

Description: Windows Remote Desktop Services Elevation of Privilege Vulnerability

Tenable: CVE-2026-21533 | Windows Remote Desktop Services Elevation of Privilege Vulnerability

Tenable: CVE-2026-21533 is an EoP vulnerability affecting Windows Remote Desktop Services. It was assigned a CVSSv3 score of 7.8, rated as important and was reportedly exploited in the wild. Successful exploitation allows a local, authenticated attacker to elevate to SYSTEM privileges.

ZDI: CVE-2026-21533 - Windows Remote Desktop Services Elevation of Privilege Vulnerability. Don’t let the word “Remote” in the title fool you – this is a local bug that allows attackers to run code with SYSTEM privileges. It’s interesting that Microsoft lists “Improper privilege management” as the root cause for this issue. If the system is running Remote Desktop Services, it’s probably a juicy target for attackers to move laterally after an initial breach. Add this one to the list of patches to test and deploy immediately.

3. Security Feature Bypass - Microsoft Word (CVE-2026-21514) - Critical [691]

Description: Microsoft Word Security Feature Bypass Vulnerability

Tenable: CVE-2026-21514 | Microsoft Word Security Feature Bypass Vulnerability

Tenable: CVE-2026-21514 is a security feature bypass vulnerability affecting Microsoft Word. It was assigned a CVSSv3 score of 7.8 and rated as important. Successful exploitation requires an attacker to convince a user to open a crafted Office file. According to the Microsoft advisory, the preview pane is not an attack vector. This vulnerability was publicly disclosed prior to a patch being made available and was also exploited in the wild as a zero-day. Microsoft credited the discovery of this vulnerability to an Anonymous researcher, Google Threat Intelligence Group, Microsoft Threat Intelligence Center (MSTIC), Microsoft Security Response Center (MSRC) and Office Product Group Security Team.

ZDI: CVE-2026-21514 - Microsoft Word Security Feature Bypass Vulnerability. This bug also requires user interaction in the form of opening a Word document, but that’s all that’s required to bypass protections to dangerous COM/OLE controls. Thankfully, the Preview Pane is not an attack vector here. However, users are well known to open lots of documents they receive in e-mail. This bypass could also result in code execution if the right COM/OLE control is hit. This is also listed as publicly known, so add this to the list to test and deploy quickly.

High (5)

4. Security Feature Bypass - MSHTML Framework (CVE-2026-21513) - High [565]

Description: MSHTML Framework Security Feature Bypass Vulnerability

Tenable: Microsoft’s February 2026 Patch Tuesday Addresses 54 CVEs (CVE-2026-21510, CVE-2026-21513)

Tenable: CVE-2026-21513 | MSHTML Framework Security Feature Bypass Vulnerability

Tenable: CVE-2026-21513 is a security feature bypass vulnerability in the MSHTML Framework. It was assigned a CVSSv3 score of 8.8 and rated as important. According to Microsoft, it was both exploited in the wild and publicly disclosed prior to a patch being available. Successful exploitation of this flaw requires an attacker to convince a potential victim into opening either a malicious HTML file or a shortcut (.lnk) file. Like similar security feature bypass flaws, this vulnerability can bypass protection prompts that would caution a user before opening a file.

ZDI: CVE-2026-21513 - Internet Explorer Security Feature Bypass Vulnerability. Although long gone by many measurements, IE does still exist on Windows systems, and calling it always results in a vulnerability somehow. This bug manifests similarly to the Shell bug above, as it requires user interaction but could result in code execution. The bypass here is simply the ability to reach IE, which shouldn’t be possible. Again, test and deploy this fix quickly.

5. Denial of Service - Windows Remote Access Connection Manager (CVE-2026-21525) - High [544]

Description: Windows Remote Access Connection Manager Denial of Service Vulnerability

Tenable: CVE-2026-21525 | Windows Remote Access Connection Manager Denial of Service Vulnerability

Tenable: CVE-2026-21525 is a denial of service (DoS) vulnerability affecting Windows Remote Access Connection Manager (also known as RasMan), a tool used for the management of multiple remote desktop connections. It was assigned a CVSSv3 score of 6.2, was rated as important and was exploited in the wild. While no information has been released about the exploitation of this DoS, the advisory credits the 0patch vulnerability research team for reporting this flaw.

ZDI: CVE-2026-21525 - Windows Remote Access Connection Manager Denial of Service Vulnerability. It’s unusual to see DoS bugs being used in active attacks, but that’s what we have here. A null pointer deref in the Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally. Most null pointer derefs cause the application or service to crash, but it’s not clear if it will automatically restart. I would exercise caution and patch quickly either way.

6. Elevation of Privilege - Desktop Window Manager (CVE-2026-21519) - High [544]

Description: Desktop Window Manager Elevation of Privilege Vulnerability

Tenable: CVE-2026-21519 | Desktop Window Manager Elevation of Privilege Vulnerability

Tenable: CVE-2026-21519 is an EoP vulnerability affecting Desktop Window Manager, a Windows service used to render the graphical user interface (GUI) in Windows. It was assigned a CVSSv3 score of 7.8 and rated as important. A local, authenticated attacker could exploit this vulnerability to elevate to SYSTEM privileges. According to Microsoft, this vulnerability was exploited in the wild as a zero-day.

ZDI: CVE-2026-21519 - Desktop Window Manager Elevation of Privilege Vulnerability. This is the second month in a row that a DWM was listed as being exploited in the wild. That leads me to believe the first patch didn’t completely resolve the vulnerability. Same as last month, this bug allows attackers to run code with SYSTEM privileges. Bugs of this type are typically paired with a code execution bug to take over a system. As always, Microsoft offers no indication of how widespread these exploits may be.

7. Denial of Service - libjpeg (CVE-2023-2804) - High [517]

Description: A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merged_upsample_internal() function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of the sample data type exceeds the valid sample range, hence, an attacker could craft a 12-bit lossless JPEG image that contains out-of-range 12-bit samples. An application attempting to decompress such image using merged upsampling would lead to segmentation fault or buffer overflows, causing an application to crash.

Tenable: Microsoft patched 54 CVEs in its February 2026 Patch Tuesday release, with two rated critical, 51 rated as important and one rated as moderate. We omitted one vulnerability from our counts this month, CVE-2023-2804, a heap based overflow vulnerability in the libjpeg-turbo component.

8. Remote Code Execution - Windows Notepad App (CVE-2026-20841) - High [419]

Description: Windows Notepad App Remote Code Execution Vulnerability

Medium (47)

9. Elevation of Privilege - Microsoft ACI Confidential Containers (CVE-2026-21522) - Medium [399]

Description: Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability

10. Elevation of Privilege - Windows Kernel (CVE-2026-21231) - Medium [397]

Description: Windows Kernel Elevation of Privilege Vulnerability

11. Elevation of Privilege - Windows Kernel (CVE-2026-21239) - Medium [397]

Description: Windows Kernel Elevation of Privilege Vulnerability

12. Elevation of Privilege - Windows Kernel (CVE-2026-21245) - Medium [397]

Description: Windows Kernel Elevation of Privilege Vulnerability

13. Elevation of Privilege - Windows Ancillary Function Driver for WinSock (CVE-2026-21236) - Medium [380]

Description: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

14. Elevation of Privilege - Windows Ancillary Function Driver for WinSock (CVE-2026-21238) - Medium [380]

Description: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

15. Elevation of Privilege - Windows Graphics Component (CVE-2026-21246) - Medium [380]

Description: Windows Graphics Component Elevation of Privilege Vulnerability

16. Elevation of Privilege - Windows HTTP.sys (CVE-2026-21232) - Medium [380]

Description: Windows HTTP.sys Elevation of Privilege Vulnerability

17. Elevation of Privilege - Windows HTTP.sys (CVE-2026-21240) - Medium [380]

Description: Windows HTTP.sys Elevation of Privilege Vulnerability

18. Elevation of Privilege - Windows HTTP.sys (CVE-2026-21250) - Medium [380]

Description: Windows HTTP.sys Elevation of Privilege Vulnerability

19. Remote Code Execution - Azure SDK for Python (CVE-2026-21531) - Medium [380]

Description: Azure SDK for Python Remote Code Execution Vulnerability

20. Information Disclosure - Windows Kernel (CVE-2026-21222) - Medium [369]

Description: Windows Kernel Information Disclosure Vulnerability

21. Remote Code Execution - GitHub Copilot and Visual Studio (CVE-2026-21256) - Medium [369]

Description: GitHub Copilot and Visual Studio Remote Code Execution Vulnerability

22. Remote Code Execution - GitHub Copilot for Jetbrains (CVE-2026-21516) - Medium [369]

Description: GitHub Copilot for Jetbrains Remote Code Execution Vulnerability

23. Remote Code Execution - Microsoft Defender for Endpoint Linux Extension (CVE-2026-21537) - Medium [369]

Description: Microsoft Defender for Endpoint Linux Extension Remote Code Execution Vulnerability

24. Elevation of Privilege - Windows Ancillary Function Driver for WinSock (CVE-2026-21241) - Medium [368]

Description: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

25. Elevation of Privilege - Windows App for Mac Installer (CVE-2026-21517) - Medium [368]

Description: Windows App for Mac Installer Elevation of Privilege Vulnerability

26. Elevation of Privilege - Windows Connected Devices Platform Service (CVE-2026-21234) - Medium [368]

Description: Windows Connected Devices Platform Service Elevation of Privilege Vulnerability

27. Elevation of Privilege - Windows Graphics Component (CVE-2026-21235) - Medium [368]

Description: Windows Graphics Component Elevation of Privilege Vulnerability

28. Elevation of Privilege - Windows Storage (CVE-2026-21508) - Medium [368]

Description: Windows Storage Elevation of Privilege Vulnerability

29. Elevation of Privilege - Windows Subsystem for Linux (CVE-2026-21237) - Medium [368]

Description: Windows Subsystem for Linux Elevation of Privilege Vulnerability

30. Elevation of Privilege - Windows Subsystem for Linux (CVE-2026-21242) - Medium [368]

Description: Windows Subsystem for Linux Elevation of Privilege Vulnerability

31. Security Feature Bypass - Windows Hyper-V (CVE-2026-21255) - Medium [367]

Description: Windows Hyper-V Security Feature Bypass Vulnerability

32. Remote Code Execution - Windows Hyper-V (CVE-2026-21244) - Medium [361]

Description: Windows Hyper-V Remote Code Execution Vulnerability

33. Remote Code Execution - Windows Hyper-V (CVE-2026-21247) - Medium [361]

Description: Windows Hyper-V Remote Code Execution Vulnerability

34. Remote Code Execution - Windows Hyper-V (CVE-2026-21248) - Medium [361]

Description: Windows Hyper-V Remote Code Execution Vulnerability

35. Remote Code Execution - Azure Local (CVE-2026-21228) - Medium [357]

Description: Azure Local Remote Code Execution Vulnerability

36. Remote Code Execution - GitHub Copilot and Visual Studio Code (CVE-2026-21523) - Medium [357]

Description: GitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability

37. Denial of Service - GDI+ (CVE-2026-20846) - Medium [353]

Description: GDI+ Denial of Service Vulnerability

38. Denial of Service - Windows Lightweight Directory Access Protocol (LDAP) (CVE-2026-21243) - Medium [353]

Description: Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability

39. Elevation of Privilege - Microsoft Excel (CVE-2026-21259) - Medium [347]

Description: Microsoft Excel Elevation of Privilege Vulnerability

40. Elevation of Privilege - Cluster Client Failover (CCF) (CVE-2026-21251) - Medium [330]

Description: Cluster Client Failover (CCF) Elevation of Privilege Vulnerability

41. Elevation of Privilege - GitHub Copilot and Visual Studio (CVE-2026-21257) - Medium [330]

Description: GitHub Copilot and Visual Studio Elevation of Privilege Vulnerability

42. Security Feature Bypass - GitHub Copilot and Visual Studio Code (CVE-2026-21518) - Medium [327]

Description: GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability

43. Remote Code Execution - Power BI (CVE-2026-21229) - Medium [323]

Description: Power BI Remote Code Execution Vulnerability

44. Information Disclosure - Microsoft Excel (CVE-2026-21258) - Medium [319]

Description: Microsoft Excel Information Disclosure Vulnerability

45. Information Disclosure - Microsoft Excel (CVE-2026-21261) - Medium [319]

Description: Microsoft Excel Information Disclosure Vulnerability

46. Elevation of Privilege - Mailslot File System (CVE-2026-21253) - Medium [318]

Description: Mailslot File System Elevation of Privilege Vulnerability

47. Information Disclosure - Azure IoT Explorer (CVE-2026-21528) - Medium [314]

Description: Azure IoT Explorer Information Disclosure Vulnerability

48. Information Disclosure - Microsoft ACI Confidential Containers (CVE-2026-23655) - Medium [314]

Description: Microsoft ACI Confidential Containers Information Disclosure Vulnerability

49. Cross Site Scripting - Azure DevOps Server (CVE-2026-21512) - Medium [309]

Description: Azure DevOps Server Cross-Site Scripting Vulnerability

50. Spoofing - Microsoft Exchange (CVE-2026-21527) - Medium [288]

Description: Microsoft Exchange Server Spoofing Vulnerability

51. Spoofing - .NET (CVE-2026-21218) - Medium [283]

Description: .NET Spoofing Vulnerability

52. Spoofing - Microsoft Outlook (CVE-2026-21260) - Medium [266]

Description: Microsoft Outlook Spoofing Vulnerability

53. Spoofing - Microsoft Outlook (CVE-2026-21511) - Medium [266]

Description: Microsoft Outlook Spoofing Vulnerability

Tenable: CVE-2026-21511 | Microsoft Outlook Spoofing Vulnerability

Tenable: CVE-2026-21511 is a spoofing vulnerability affecting Microsoft Outlook. It was assigned a CVSSv3 score of 7.5 and was rated as important. The spoofing vulnerability is the result of a deserialization of untrusted data flaw, which an attacker can trigger using a crafted email. Microsoft notes that the preview pane is an attack vector for this flaw. CVE-2026-21511 was assessed as “Exploitation More Likely” according to Microsoft’s Exploitability Index.

54. Spoofing - Windows NTLM (CVE-2026-21249) - Medium [257]

Description: Windows NTLM Spoofing Vulnerability

55. Spoofing - Azure HDInsight (CVE-2026-21529) - Medium [226]

Description: Azure HDInsight Spoofing Vulnerability

Low (0)

Exploitation in the wild detected (6)

Security Feature Bypass (3)

• Windows Shell (CVE-2026-21510)

Tenable: Microsoft’s February 2026 Patch Tuesday Addresses 54 CVEs (CVE-2026-21510, CVE-2026-21513)

Tenable: CVE-2026-21510 | Windows Shell Security Feature Bypass Vulnerability

Tenable: CVE-2026-21510 is a security feature bypass vulnerability affecting Windows Shell. It was assigned a CVSSv3 score of 8.8 and was rated as important. According to Microsoft, this flaw was publicly disclosed prior to a patch being made available and was also exploited in the wild as a zero-day. Exploitation requires an attacker to convince an unsuspecting user to open a malicious link or shortcut file. This would allow the attacker to bypass Windows SmartScreen and Windows Shell warnings by exploiting a flaw in Windows Shell components.

ZDI: CVE-2026-21510 - Windows Shell Security Feature Bypass Vulnerability. This bug is listed as a security feature bypass, but it could also be classified as code execution. An attacker can bypass Windows SmartScreen and Windows Shell security prompts to execute code on a target system. This bug is also listed as publicly known, but Microsoft doesn’t say where. There is user interaction here, as the client needs to click a link or a shortcut file. Still, a one-click bug to gain code execution is a rarity. Definitely test and deploy this fix quickly.

• Microsoft Word (CVE-2026-21514)

Tenable: CVE-2026-21514 | Microsoft Word Security Feature Bypass Vulnerability

Tenable: CVE-2026-21514 is a security feature bypass vulnerability affecting Microsoft Word. It was assigned a CVSSv3 score of 7.8 and rated as important. Successful exploitation requires an attacker to convince a user to open a crafted Office file. According to the Microsoft advisory, the preview pane is not an attack vector. This vulnerability was publicly disclosed prior to a patch being made available and was also exploited in the wild as a zero-day. Microsoft credited the discovery of this vulnerability to an Anonymous researcher, Google Threat Intelligence Group, Microsoft Threat Intelligence Center (MSTIC), Microsoft Security Response Center (MSRC) and Office Product Group Security Team.

ZDI: CVE-2026-21514 - Microsoft Word Security Feature Bypass Vulnerability. This bug also requires user interaction in the form of opening a Word document, but that’s all that’s required to bypass protections to dangerous COM/OLE controls. Thankfully, the Preview Pane is not an attack vector here. However, users are well known to open lots of documents they receive in e-mail. This bypass could also result in code execution if the right COM/OLE control is hit. This is also listed as publicly known, so add this to the list to test and deploy quickly.

• MSHTML Framework (CVE-2026-21513)

Tenable: Microsoft’s February 2026 Patch Tuesday Addresses 54 CVEs (CVE-2026-21510, CVE-2026-21513)

Tenable: CVE-2026-21513 | MSHTML Framework Security Feature Bypass Vulnerability

Tenable: CVE-2026-21513 is a security feature bypass vulnerability in the MSHTML Framework. It was assigned a CVSSv3 score of 8.8 and rated as important. According to Microsoft, it was both exploited in the wild and publicly disclosed prior to a patch being available. Successful exploitation of this flaw requires an attacker to convince a potential victim into opening either a malicious HTML file or a shortcut (.lnk) file. Like similar security feature bypass flaws, this vulnerability can bypass protection prompts that would caution a user before opening a file.

ZDI: CVE-2026-21513 - Internet Explorer Security Feature Bypass Vulnerability. Although long gone by many measurements, IE does still exist on Windows systems, and calling it always results in a vulnerability somehow. This bug manifests similarly to the Shell bug above, as it requires user interaction but could result in code execution. The bypass here is simply the ability to reach IE, which shouldn’t be possible. Again, test and deploy this fix quickly.

Elevation of Privilege (2)

• Windows Remote Desktop Services (CVE-2026-21533)

Tenable: CVE-2026-21533 | Windows Remote Desktop Services Elevation of Privilege Vulnerability

Tenable: CVE-2026-21533 is an EoP vulnerability affecting Windows Remote Desktop Services. It was assigned a CVSSv3 score of 7.8, rated as important and was reportedly exploited in the wild. Successful exploitation allows a local, authenticated attacker to elevate to SYSTEM privileges.

ZDI: CVE-2026-21533 - Windows Remote Desktop Services Elevation of Privilege Vulnerability. Don’t let the word “Remote” in the title fool you – this is a local bug that allows attackers to run code with SYSTEM privileges. It’s interesting that Microsoft lists “Improper privilege management” as the root cause for this issue. If the system is running Remote Desktop Services, it’s probably a juicy target for attackers to move laterally after an initial breach. Add this one to the list of patches to test and deploy immediately.

• Desktop Window Manager (CVE-2026-21519)

Tenable: CVE-2026-21519 | Desktop Window Manager Elevation of Privilege Vulnerability

Tenable: CVE-2026-21519 is an EoP vulnerability affecting Desktop Window Manager, a Windows service used to render the graphical user interface (GUI) in Windows. It was assigned a CVSSv3 score of 7.8 and rated as important. A local, authenticated attacker could exploit this vulnerability to elevate to SYSTEM privileges. According to Microsoft, this vulnerability was exploited in the wild as a zero-day.

ZDI: CVE-2026-21519 - Desktop Window Manager Elevation of Privilege Vulnerability. This is the second month in a row that a DWM was listed as being exploited in the wild. That leads me to believe the first patch didn’t completely resolve the vulnerability. Same as last month, this bug allows attackers to run code with SYSTEM privileges. Bugs of this type are typically paired with a code execution bug to take over a system. As always, Microsoft offers no indication of how widespread these exploits may be.

Denial of Service (1)

• Windows Remote Access Connection Manager (CVE-2026-21525)

Tenable: CVE-2026-21525 | Windows Remote Access Connection Manager Denial of Service Vulnerability

Tenable: CVE-2026-21525 is a denial of service (DoS) vulnerability affecting Windows Remote Access Connection Manager (also known as RasMan), a tool used for the management of multiple remote desktop connections. It was assigned a CVSSv3 score of 6.2, was rated as important and was exploited in the wild. While no information has been released about the exploitation of this DoS, the advisory credits the 0patch vulnerability research team for reporting this flaw.

ZDI: CVE-2026-21525 - Windows Remote Access Connection Manager Denial of Service Vulnerability. It’s unusual to see DoS bugs being used in active attacks, but that’s what we have here. A null pointer deref in the Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally. Most null pointer derefs cause the application or service to crash, but it’s not clear if it will automatically restart. I would exercise caution and patch quickly either way.

Public exploit exists, but exploitation in the wild is NOT detected (1)

Denial of Service (1)

• libjpeg (CVE-2023-2804)

Tenable: Microsoft patched 54 CVEs in its February 2026 Patch Tuesday release, with two rated critical, 51 rated as important and one rated as moderate. We omitted one vulnerability from our counts this month, CVE-2023-2804, a heap based overflow vulnerability in the libjpeg-turbo component.

Other Vulnerabilities (48)

Remote Code Execution (11)

• Windows Notepad App (CVE-2026-20841)
• Azure SDK for Python (CVE-2026-21531)
• GitHub Copilot and Visual Studio (CVE-2026-21256)
• GitHub Copilot for Jetbrains (CVE-2026-21516)
• Microsoft Defender for Endpoint Linux Extension (CVE-2026-21537)
• Windows Hyper-V (CVE-2026-21244, CVE-2026-21247, CVE-2026-21248)
• Azure Local (CVE-2026-21228)
• GitHub Copilot and Visual Studio Code (CVE-2026-21523)
• Power BI (CVE-2026-21229)

Elevation of Privilege (21)

• Microsoft ACI Confidential Containers (CVE-2026-21522)
• Windows Kernel (CVE-2026-21231, CVE-2026-21239, CVE-2026-21245)
• Windows Ancillary Function Driver for WinSock (CVE-2026-21236, CVE-2026-21238, CVE-2026-21241)
• Windows Graphics Component (CVE-2026-21235, CVE-2026-21246)
• Windows HTTP.sys (CVE-2026-21232, CVE-2026-21240, CVE-2026-21250)
• Windows App for Mac Installer (CVE-2026-21517)
• Windows Connected Devices Platform Service (CVE-2026-21234)
• Windows Storage (CVE-2026-21508)
• Windows Subsystem for Linux (CVE-2026-21237, CVE-2026-21242)
• Microsoft Excel (CVE-2026-21259)
• Cluster Client Failover (CCF) (CVE-2026-21251)
• GitHub Copilot and Visual Studio (CVE-2026-21257)
• Mailslot File System (CVE-2026-21253)

Information Disclosure (5)

• Windows Kernel (CVE-2026-21222)
• Microsoft Excel (CVE-2026-21258, CVE-2026-21261)
• Azure IoT Explorer (CVE-2026-21528)
• Microsoft ACI Confidential Containers (CVE-2026-23655)

Security Feature Bypass (2)

• Windows Hyper-V (CVE-2026-21255)
• GitHub Copilot and Visual Studio Code (CVE-2026-21518)

Denial of Service (2)

• GDI+ (CVE-2026-20846)
• Windows Lightweight Directory Access Protocol (LDAP) (CVE-2026-21243)

Cross Site Scripting (1)

• Azure DevOps Server (CVE-2026-21512)

Spoofing (6)

• Microsoft Exchange (CVE-2026-21527)
• .NET (CVE-2026-21218)
• Microsoft Outlook (CVE-2026-21260, CVE-2026-21511)

Tenable: CVE-2026-21511 | Microsoft Outlook Spoofing Vulnerability

Tenable: CVE-2026-21511 is a spoofing vulnerability affecting Microsoft Outlook. It was assigned a CVSSv3 score of 7.5 and was rated as important. The spoofing vulnerability is the result of a deserialization of untrusted data flaw, which an attacker can trigger using a crafted email. Microsoft notes that the preview pane is an attack vector for this flaw. CVE-2026-21511 was assessed as “Exploitation More Likely” according to Microsoft’s Exploitability Index.

• Windows NTLM (CVE-2026-21249)
• Azure HDInsight (CVE-2026-21529)