Three of those zero-days are security feature bypass flaws, which give attackers a way to slip past built-in protections in multiple Microsoft products.

DR (DZone Research) offers insights into software development trends, industry surveys, and technology adoption patterns, providing reports, whitepapers, and analyst insights to help businesses make informed decisions and stay competitive in the ever-evolving tech landscape. By exploring DR's curated content, developers can gain insights into emerging technologies, developer preferences, and industry best practices for building innovative and market-leading software solutions. Whether you're a startup founder, product manager, or tech executive, DR offers resources to guide your strategic planning and drive business success.

Dark Reading

Microsoft's February Patch Tuesday addresses 59 CVEs, including 6 actively exploited zero-days requiring immediate attention. Three are security feature bypass flaws (CVE-2026-21510, CVE-2026-21513, CVE-2026-21514) affecting Windows SmartScreen, MSHTML, and Microsoft Word/Office, enabling attackers to execute arbitrary code via user interaction. Two elevation-of-privilege bugs target Desktop Windows Manager and Windows Remote Desktop Services, while a denial-of-service flaw in Windows Remote Access Connection Manager can be triggered by a non-admin user. Microsoft issued an emergency out-of-band patch for the Word vulnerability. Security teams are also advised to monitor 10 Azure CVEs, including one rated CVSS 9.8.

Microsoft Patches 6 Actively Exploited Zero-Days

Two Elevation of Privilege and 1 DoS Zero-Days