InfoSecBulletin Cybersecurity for mankind
Today is Microsoft’s February 2026 Patch Tuesday, featuring security updates for 58 flaws, including 6 that are actively exploited and 3 publicly disclosed zero-day vulnerabilities.
This Patch Tuesday fixes five “Critical” vulnerabilities: three elevate privileges and two disclose information. The details of vulnerabilities by category are as follows:
New Windows Defender ‘RoguePlanet’ zero-day grants SYSTEM privileges
Microsoft June Patches 200 Vulnerabilities including 3 zero days
World’s first wind power underwater data center is now live
VMware Fixed Multiple Flaws Allow Attackers to Inject Malicious Scripts
CVE-2026-50751
Check Point VPN 0-day Flaw Exploited in the Wild
AI-designed First ‘universal vaccine’ tested in humans
China Unveils First Prefabricated Data Center Base, Reducing Construction Time by 70%
Hacker now exploits recently patched SolarWinds Serv-U flaw
Cisco SD-WAN Flaw Exploited and Trend Micro Flaws Allows to Security Bypass
Ransomware Crisis Deepens: 4,089 Victims Hit Across 121 Countries in 2026
25 Elevation of Privilege vulnerabilities
5 Security Feature Bypass vulnerabilities
12 Remote Code Execution vulnerabilities
6 Information Disclosure vulnerabilities
3 Denial of Service vulnerabilities
7 Spoofing vulnerabilities
The zero-days are:
CVE-2026-21510: a Windows SmartScreen and Windows Shell security prompts bypass that can be exploited by convincing the targeted user to open a malicious link or shortcut file.
CVE-2026-21514: a vulnerability that allows an attacker to bypass OLE mitigations in Microsoft 365 and Office by tricking the target into opening a malicious Office file.
CVE-2026-21513: an Internet Explorer issue that allows an attacker to bypass security controls and potentially execute code by convincing the victim to open a malicious HTML or LNK file.
CVE-2026-21519: a Windows Desktop Window Manager flaw that can be exploited by a local attacker for privilege escalation.
CVE-2026-21533: a Windows Remote Desktop Services vulnerability that allows an attacker to escalate privileges to System.
CVE-2026-21525: a Windows Remote Access Connection Manager bug that can be exploited for local DoS attacks.
Adam Meyers, Head of Counter Adversary Operations at CrowdStrike, told SecurityWeek, “The CVE-2026-21533 exploit binary modifies a service configuration key, replacing it with an attacker-controlled key, which could enable adversaries to escalate privileges to add a new user to the Administrator group. While CrowdStrike does not currently attribute this activity to a specific target or adversary, threat actors possessing the exploit binaries will likely accelerate their attempts to use or sell CVE-2026-21533 in the near term.”
Mitja Kolsek, CEO of Acros Security, told SecurityWeek, “We found an exploit for this issue in December 2025 in a public malware repository while searching for an exploit for CVE-2025-59230. This issue turned out to be a 0day at the time, so we patched it and reported it to Microsoft. We don’t have any information on it having been exploited, but the quality of the combined exploit for both issues suggested professional work.”
