Critical vulnerabilities in SAP products were also patched.

CSO Online offers insights into cybersecurity, risk management, and IT leadership, providing articles, reports, and expert analysis to help security professionals navigate the evolving threat landscape and protect their organizations from cyber attacks. By exploring CSO Online's curated content, CISOs, security managers, and IT executives can learn about threat intelligence, security frameworks, and incident response strategies for building resilient cybersecurity programs. Whether you're defending against ransomware, phishing attacks, or insider threats, CSO Online offers resources to strengthen your security posture and safeguard your digital assets.

CSO Online

Microsoft's February 2026 Patch Tuesday addresses 60 vulnerabilities, including six actively exploited flaws. Three involve security feature bypasses in Windows Shell, MSHTML Framework, and Office OLE mitigations that allow attackers to execute malicious content without user warnings. Two enable privilege escalation to System level through Desktop Windows Manager and Remote Desktop Services. A sixth affects Windows Remote Access Connection Manager, enabling denial of service. Additional critical issues include Azure Compute Gallery command injection, GitHub Copilot prompt injection enabling remote code execution in developer environments, and two critical SAP vulnerabilities with CVSS scores of 9.9 and 9.6 affecting CRM/S/4HANA and RFC execution paths.

February 2026 Patch Tuesday: Six new and actively exploited Microsoft vulnerabilities addressed