Microsoft Patches 6 Actively Exploited Zero-Days
Summary
Microsoft’s February security update addresses 59 CVEs, including six zero-days that are already being actively exploited. Three of those are security feature bypasses (affecting Windows Shell/SmartScreen, MSHTML, and Microsoft Word/OLE), two are elevation-of-privilege flaws, and one enables denial-of-service conditions. Microsoft issued an out-of-band patch for one of the Office issues and flagged several other vulnerabilities as “more likely” to be exploited.
Key Points
- Six zero-days are actively exploited: three security feature bypasses, two elevation-of-privilege bugs, and one DoS flaw.
- Security feature bypass CVEs: CVE-2026-21510 (Windows Shell / SmartScreen), CVE-2026-21513 (MSHTML), CVE-2026-21514 (Word/OLE).
- Elevation-of-privilege and DoS CVEs include CVE-2026-21519, CVE-2026-21533 (privilege escalation), and CVE-2026-21525 (RAS manager DoS).
- Technical details for some bypass bugs are already public — increasing the risk of follow-on attacks.
- Microsoft labelled five additional CVEs as “more likely” to be exploited; security teams should prioritise review and remediation.
- Azure-related CVEs were called out as notable — even when marked “No Customer Action Required”, organisations should verify cloud posture and any signs of compromise.
Context and Relevance
This isn’t just another Patch Tuesday. Security feature bypasses make phishing and malware campaigns much more effective because they can neutralise protections users and systems rely on. Many affected components (Word, MSHTML, Windows Shell) are widespread and heavily targeted, so the potential attack surface is large. The combination of active exploitation plus public technical details raises the urgency for defenders to treat patching as active defence rather than routine maintenance.
Why should I read this?
Because if you manage Windows desktops, Office or Azure, you don’t want one of these bugs turning into a breach on your watch. The article saves you time by highlighting which CVEs are already being used in the wild, which ones bypass built-in protections, and which need immediate attention — so you can act fast and not dig through the full advisories yourself.
Author style
Punchy: This is highly relevant — patch quickly, prioritise the security feature bypasses and the Azure-related fixes, and treat this update as an active incident response task. If you delay, the public details and active exploitation make follow-up attacks likely.