The updates fix issues in products like Windows Remote Desktop Services, Microsoft Defender, Azure services, GitHub Copilot, Visual Studio Code, Microsoft Exchange, and Office apps.
Severity ratings include two Critical flaws and numerous Important ones, with types including remote code execution (RCE), elevation of privilege (EoP), information disclosure, spoofing, denial-of-service (DoS), and security feature bypass. Microsoft marks customer action as required for all listed CVEs and urges immediate patching.
| Vulnerability Type | Count |
|---|---|
| Remote Code Execution | 11 |
| Denial of Service | 3 |
| Elevation of Privilege | 23 |
| Information Disclosure | 5 |
| Security Feature Bypass | 5 |
| Spoofing | 7 |
| Total | 54 |
Six zero-days were patched, marked as publicly disclosed and/or exploited prior to release. These include:
Attackers could chain these for broader compromise, such as bypassing protections to execute code or escalate privileges.
Two Critical vulnerabilities demand priority:
| CVE ID | Type | Affected Product | CVSS Implication |
|---|---|---|---|
| CVE-2026-23655 | Information Disclosure | Azure Compute Gallery (ACI Confidential Containers) | Allows sensitive data leak from confidential workloads. |
| CVE-2026-21522 | Elevation of Privilege | Azure Compute Gallery (ACI Confidential Containers) | Enables privilege escalation in container environments. |
These Azure flaws highlight risks in cloud-native confidential computing.
RCE flaws pose high risks in cloud and endpoint tools:
Office issues include spoofing in Outlook (CVE-2026-21527, CVE-2026-21260), info disclosure/EoP in Excel (CVE-2026-21261, CVE-2026-21259, CVE-2026-21258), and Word bypass (CVE-2026-21514). Windows sees EoP in HTTP.sys (CVE-2026-21250), Hyper-V bypass (CVE-2026-21255), and storage (CVE-2026-21508).
Azure-specific: Spoofing in HDInsight (CVE-2026-21529), info disclosure in IoT Explorer SDK (CVE-2026-21528). Other: XSS spoofing in Azure DevOps (CVE-2026-21512).
Elevated risks target developers (Copilot/VS Code), enterprises (Azure/Exchange), and endpoints (Windows/Defender). Exploitation could lead to data theft, lateral movement, or full compromise.
The table below summarizes the CVEs, along with their impact, severity, and affected product details.
| CVE ID | Impact | Severity | Vulnerability Title | Product/Component |
|---|---|---|---|---|
| CVE-2026-23655 | Information Disclosure | Critical | Microsoft ACI Confidential Containers Information Disclosure Vulnerability | Azure Compute Gallery |
| CVE-2026-21537 | Remote Code Execution | Important | Microsoft Defender for Endpoint Linux Extension Remote Code Execution Vulnerability | Microsoft Defender for Linux |
| CVE-2026-21533 | Elevation of Privilege | Important | Windows Remote Desktop Services Elevation of Privilege Vulnerability | Windows Remote Desktop |
| CVE-2026-21531 | Remote Code Execution | Important | Azure SDK for Python Remote Code Execution Vulnerability | Azure SDK |
| CVE-2026-21529 | Spoofing | Important | Azure HDInsight Spoofing Vulnerability | Azure HDInsights |
| CVE-2026-21528 | Information Disclosure | Important | Azure IoT Explorer Information Disclosure Vulnerability | Azure IoT SDK |
| CVE-2026-21527 | Spoofing | Important | Microsoft Exchange Server Spoofing Vulnerability | Microsoft Exchange Server |
| CVE-2026-21525 | Denial of Service | Moderate | Windows Remote Access Connection Manager Denial of Service Vulnerability | Windows Remote Access Connection Manager |
| CVE-2026-21523 | Remote Code Execution | Important | GitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability | GitHub Copilot and Visual Studio |
| CVE-2026-21522 | Elevation of Privilege | Critical | Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability | Azure Compute Gallery |
| CVE-2026-21519 | Elevation of Privilege | Important | Desktop Window Manager Elevation of Privilege Vulnerability | Desktop Window Manager |
| CVE-2026-21518 | Security Feature Bypass | Important | GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability | GitHub Copilot and Visual Studio Code |
| CVE-2026-21517 | Elevation of Privilege | Important | Windows App for Mac Installer Elevation of Privilege Vulnerability | Windows App for Mac |
| CVE-2026-21516 | Remote Code Execution | Important | GitHub Copilot for Jetbrains Remote Code Execution Vulnerability | Github Copilot |
| CVE-2026-21514 | Security Feature Bypass | Important | Microsoft Word Security Feature Bypass Vulnerability | Microsoft Office Word |
| CVE-2026-21513 | Security Feature Bypass | Important | MSHTML Framework Security Feature Bypass Vulnerability | MSHTML Framework |
| CVE-2026-21512 | Spoofing | Important | Azure DevOps Server Cross-Site Scripting Vulnerability | Azure DevOps Server |
| CVE-2026-21511 | Spoofing | Important | Microsoft Outlook Spoofing Vulnerability | Microsoft Office Outlook |
| CVE-2026-21510 | Security Feature Bypass | Important | Windows Shell Security Feature Bypass Vulnerability | Windows Shell |
| CVE-2026-21508 | Elevation of Privilege | Important | Windows Storage Elevation of Privilege Vulnerability | Windows Storage |
| CVE-2026-21261 | Information Disclosure | Important | Microsoft Excel Information Disclosure Vulnerability | Microsoft Office Excel |
| CVE-2026-21260 | Spoofing | Important | Microsoft Outlook Spoofing Vulnerability | Microsoft Office Outlook |
| CVE-2026-21259 | Elevation of Privilege | Important | Microsoft Excel Elevation of Privilege Vulnerability | Microsoft Office Excel |
| CVE-2026-21258 | Information Disclosure | Important | Microsoft Excel Information Disclosure Vulnerability | Microsoft Office Excel |
| CVE-2026-21257 | Elevation of Privilege | Important | GitHub Copilot and Visual Studio Elevation of Privilege Vulnerability | GitHub Copilot and Visual Studio |
| CVE-2026-21256 | Remote Code Execution | Important | GitHub Copilot and Visual Studio Remote Code Execution Vulnerability | GitHub Copilot and Visual Studio |
| CVE-2026-21255 | Security Feature Bypass | Important | Windows Hyper-V Security Feature Bypass Vulnerability | Windows Hyper-V |
| CVE-2026-21253 | Elevation of Privilege | Important | Mailslot File System Elevation of Privilege Vulnerability | Mailslot File System |
| CVE-2026-21251 | Elevation of Privilege | Important | Cluster Client Failover (CCF) Elevation of Privilege Vulnerability | Windows Cluster Client Failover |
| CVE-2026-21250 | Elevation of Privilege | Important | Windows HTTP.sys Elevation of Privilege Vulnerability | Windows HTTP.sys |
Prioritize critical and zero-day patches via Windows Update or WSUS; test in staging environments. Enable auto-updates, monitor MSRC for revisions, and audit Azure/Office configs. CISA may add top CVEs to the KEV catalog soon.
The post Microsoft Patch Tuesday February 2026 – 54 Vulnerabilities Fixed, Including 6 Zero-days appeared first on Cyber Security News.