![\"Patch](\"https:\/\/www.europesays.com\/us\/wp-content\/uploads\/2026\/02\/patch_tuesday_microsoft.jpg\")
<\/p>\n<\/p>\n
Today is Microsoft’s February 2026\u00a0Patch Tuesday with security updates for 58 flaws, including 6 actively exploited and three publicly disclosed zero-day vulnerabilities.<\/p>\n
This Patch Tuesday also addresses five\u00a0“Critical” vulnerabilities, 3 of which are elevation of privileges flaws and 2 information disclosure flaws.<\/p>\n
The number of bugs in each vulnerability category is listed below:<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
\n<\/ul>\n When BleepingComputer reports on Patch Tuesday security updates, we only count those released by Microsoft today. Therefore, the number of flaws does not include 3 Microsoft Edge flaws\u00a0fixed earlier this month.<\/p>\n As part of these updates, Microsoft has also\u00a0begun to roll out\u00a0updated Secure Boot certificates<\/a> to replace the original 2011 certificates that are expiring in late June 2026.<\/p>\n “With this update, Windows quality updates include a broad set of targeting data that identifies devices and their ability to receive new Secure Boot certificates,” explains Microsoft in the Windows 11 update notes.<\/p>\n “Devices will receive the new certificates only after they show sufficient successful update signals, which helps ensures a safe and phased rollout.”<\/p>\n To learn more about the non-security updates released today, you can review our dedicated articles on the Windows 11 KB5077181 & KB5075941 cumulative updates<\/a>\u00a0and the\u00a0Windows 10 KB5075912 extended security update<\/a>.<\/p>\n 6 actively exploited zero-days<\/p>\n This month’s Patch Tuesday fixes six actively exploited vulnerabilities, three of which are publicly disclosed.<\/p>\n Microsoft classifies a zero-day flaw<\/a> as publicly disclosed or actively exploited while no official fix is available.<\/p>\n The six actively exploited zero-days are:<\/p>\n CVE-2026-21510 – Windows Shell Security Feature Bypass Vulnerability<\/a><\/strong><\/p>\n Microsoft has patched an actively exploited Windows security feature bypass that can be triggered by opening a specially crafted link or shortcut file.<\/p>\n “To successfully exploit this vulnerability, an attacker must convince a user to open a malicious link or shortcut file.” explains Microsoft.<\/p>\n “An attacker could bypass Windows SmartScreen and Windows Shell security prompts by exploiting improper handling in Windows Shell components, allowing attacker\u2011controlled content to execute without user warning or consent,” continued Microsoft.<\/p>\n While Microsoft has not shared further details, it likely allows attackers to bypass the Mark of the Web (MoTW) security warnings.<\/p>\n Microsoft has attributed the discovery of the flaw to Microsoft Threat Intelligence Center (MSTIC), Microsoft Security Response Center (MSRC), Office Product Group Security Team, Google Threat Intelligence Group, and an anonymous researcher.<\/p>\n CVE-2026-21513 –\u00a0MSHTML Framework Security Feature Bypass Vulnerability<\/a><\/strong><\/p>\n Microsoft has patched an actively exploited MSHTML security feature bypass flaw in Windows.<\/p>\n “Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network,” explains Microsoft.<\/p>\n There are no details on how this was exploited.<\/p>\n This flaw was once again attributed to Microsoft Threat Intelligence Center (MSTIC), Microsoft Security Response Center (MSRC), Office Product Group Security Team, and Google Threat Intelligence Group.<\/p>\n CVE-2026-21514 – Microsoft Word Security Feature Bypass Vulnerability<\/a><\/strong><\/p>\n Microsoft has patched a security feature bypass flaw in Microsoft Word that is actively exploited.<\/p>\n “An attacker must send a user a malicious Office file and convince them to open it,” warns Microsoft’s advisory.<\/p>\n “This update addresses a vulnerability that bypasses OLE mitigations in Microsoft 365 and Microsoft Office which protect users from vulnerable COM\/OLE control,” continues Microsoft.<\/p>\n Microsoft says that the flaw cannot be exploited in the Office Preview Pane.<\/p>\n The flaw was again attributed to Microsoft Threat Intelligence Center (MSTIC), Microsoft Security Response Center (MSRC), Office Product Group Security Team, Google Threat Intelligence Group, and an anonymous researcher.<\/p>\n As no details have been released, it is unclear if CVE-2026-21510,\u00a0CVE-2026-21513, and\u00a0CVE-2026-21514 were exploited in the same campaign.<\/p>\n CVE-2026-21519 –\u00a0Desktop Window Manager Elevation of Privilege Vulnerability<\/a><\/strong><\/p>\n Microsoft has patched an actively exploited elevation of privileges flaw in the Desktop Window Manager.<\/p>\n “An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” warns Microsoft.<\/p>\n No details have been shared on how it was exploited.<\/p>\n Microsoft has attributed the discovery of the flaw to Microsoft Threat Intelligence Center (MSTIC) & Microsoft Security Response Center (MSRC).<\/p>\n CVE-2026-21525 –\u00a0Windows Remote Access Connection Manager Denial of Service Vulnerability<\/a><\/strong><\/p>\n Microsoft fixed an actively exploited denial of service flaw in the Windows Remote Access Connection Manager.<\/p>\n “Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally,’ explains Microsoft.<\/p>\n Microsoft has attributed the discovery of the flaw to the ACROS Security team with 0patch.<\/p>\n ACROS CEO Mitja Kolsek told BleepingComputer that the exploit was found in a public malware repository but is unsure how it is being exploited in attacks.<\/p>\n “We found an exploit for this issue in December 2025 in a public malware repository while searching for an exploit for CVE-2025-59230,” Kolsek told BleepingComputer.<\/p>\n “This issue turned out to be a 0day at the time, so we patched it (blog.0patch.com\/2025\/12\/free-micropatches-for-windows-remote.html) and reported it to Microsoft. We don’t have any information on it having been exploited, but the quality of the combined exploit for both issues suggested professional work.”<\/p>\n CVE-2026-21533 –\u00a0Windows Remote Desktop Services Elevation of Privilege Vulnerability<\/a><\/strong><\/p>\n Microsoft has fixed an elevation of privileges in Windows Remote Desktop Services.<\/p>\n “Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally,” explains Microsoft.<\/p>\n Microsoft has attributed the discovery of the flaw to the Advanced Research Team at\u00a0CrowdStrike.<\/p>\n CrowdStrike told BleepingComputer that the exploit they observed allows threat actors to add a new user to the Administrator group.<\/p>\n “The CVE-2026-21533 exploit binary modifies a service configuration key, replacing it with an attacker-controlled key, which could enable adversaries to escalate privileges to add a new user to the Administrator group,” Adam Meyers, Head of Counter Adversary Operations, CrowdStrike, told BleepingComputer.<\/p>\n “While CrowdStrike does not currently attribute this activity to a specific target or adversary, threat actors possessing the exploit binaries will likely accelerate their attempts to use or sell CVE-2026-21533 in the near term.”<\/p>\n Of the six zero-days,\u00a0CVE-2026-21513, CVE-2026-21510, and\u00a0CVE-2026-21514 were publicly disclosed.<\/p>\n Recent updates from other companies<\/p>\n Other vendors who released updates or advisories in February 2026\u00a0include:<\/p>\n While not a security update, Microsoft has started rolling out built-in Sysmon functionality in Windows 11 insider builds<\/a>, which many Windows admins will find useful.<\/p>\n The February 2026\u00a0Patch Tuesday Security Updates<\/p>\n Below is the complete list of resolved vulnerabilities in the February 2026\u00a0Patch Tuesday updates.<\/p>\n To\u00a0access the full description of each vulnerability and the systems\u00a0it affects, you can view the\u00a0full report here<\/a>.<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
Update 2\/10\/26: Added information about how\u00a0CVE-2026-21533\u00a0and\u00a0CVE-2026-21525 are exploited.<\/p>\n![\"Wiz\"](\"https:\/\/www.europesays.com\/us\/wp-content\/uploads\/2026\/02\/Securing-AI-Agents-970x250.png\")
<\/a><\/p>\n\n
Tag
\n\t\t\tCVE ID
\n\t\t\tCVE Title
\n\t\t\tSeverity
\n\t\t<\/tr>\n\n .NET<\/td>\n CVE-2026-21218<\/a><\/td>\n .NET Spoofing Vulnerability<\/td>\n Important<\/td>\n
\n\t\t<\/tr>\n\n Azure Arc<\/td>\n CVE-2026-24302<\/a><\/td>\n Azure Arc Elevation of Privilege Vulnerability<\/td>\n Critical<\/td>\n
\n\t\t<\/tr>\n\n Azure Compute Gallery<\/td>\n CVE-2026-23655<\/a><\/td>\n Microsoft ACI Confidential Containers Information Disclosure Vulnerability<\/td>\n Critical<\/td>\n
\n\t\t<\/tr>\n\n Azure Compute Gallery<\/td>\n CVE-2026-21522<\/a><\/td>\n Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability<\/td>\n Critical<\/td>\n
\n\t\t<\/tr>\n\n Azure DevOps Server<\/td>\n CVE-2026-21512<\/a><\/td>\n Azure DevOps Server Cross-Site Scripting Vulnerability<\/td>\n Important<\/td>\n
\n\t\t<\/tr>\n\n Azure Front Door (AFD)<\/td>\n CVE-2026-24300<\/a><\/td>\n Azure Front Door Elevation of Privilege Vulnerability<\/td>\n Critical<\/td>\n
\n\t\t<\/tr>\n\n Azure Function<\/td>\n CVE-2026-21532<\/a><\/td>\n Azure Function Information Disclosure Vulnerability<\/td>\n Critical<\/td>\n
\n\t\t<\/tr>\n\n Azure HDInsights<\/td>\n CVE-2026-21529<\/a><\/td>\n Azure HDInsight Spoofing Vulnerability<\/td>\n Important<\/td>\n
\n\t\t<\/tr>\n\n Azure IoT SDK<\/td>\n CVE-2026-21528<\/a><\/td>\n Azure IoT Explorer Information Disclosure Vulnerability<\/td>\n Important<\/td>\n
\n\t\t<\/tr>\n\n Azure Local<\/td>\n CVE-2026-21228<\/a><\/td>\n Azure Local Remote Code Execution Vulnerability<\/td>\n Important<\/td>\n
\n\t\t<\/tr>\n\n Azure SDK<\/td>\n CVE-2026-21531<\/a><\/td>\n Azure SDK for Python Remote Code Execution Vulnerability<\/td>\n Important<\/td>\n
\n\t\t<\/tr>\n\n Desktop Window Manager<\/td>\n CVE-2026-21519<\/a><\/td>\n Desktop Window Manager Elevation of Privilege Vulnerability<\/td>\n Important<\/td>\n
\n\t\t<\/tr>\n\n Github Copilot<\/td>\n CVE-2026-21516<\/a><\/td>\n GitHub Copilot for Jetbrains Remote Code Execution Vulnerability<\/td>\n Important<\/td>\n
\n\t\t<\/tr>\n\n GitHub Copilot and Visual Studio<\/td>\n CVE-2026-21523<\/a><\/td>\n GitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability<\/td>\n Important<\/td>\n
\n\t\t<\/tr>\n\n GitHub Copilot and Visual Studio<\/td>\n CVE-2026-21256<\/a><\/td>\n GitHub Copilot and Visual Studio Remote Code Execution Vulnerability<\/td>\n Important<\/td>\n
\n\t\t<\/tr>\n\n GitHub Copilot and Visual Studio<\/td>\n CVE-2026-21257<\/a><\/td>\n GitHub Copilot and Visual Studio Elevation of Privilege Vulnerability<\/td>\n Important<\/td>\n
\n\t\t<\/tr>\n\n GitHub Copilot and Visual Studio Code<\/td>\n CVE-2026-21518<\/a><\/td>\n GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability<\/td>\n Important<\/td>\n
\n\t\t<\/tr>\n\n Mailslot File System<\/td>\n CVE-2026-21253<\/a><\/td>\n Mailslot File System Elevation of Privilege Vulnerability<\/td>\n Important<\/td>\n
\n\t\t<\/tr>\n\n Microsoft Defender for Linux<\/td>\n CVE-2026-21537<\/a><\/td>\n Microsoft Defender for Endpoint Linux Extension Remote Code Execution Vulnerability<\/td>\n Important<\/td>\n
\n\t\t<\/tr>\n\n Microsoft Edge (Chromium-based)<\/td>\n CVE-2026-1861<\/a><\/td>\n Chromium: CVE-2026-1861 Heap buffer overflow in libvpx<\/td>\n Unknown<\/td>\n
\n\t\t<\/tr>\n\n Microsoft Edge (Chromium-based)<\/td>\n CVE-2026-1862<\/a><\/td>\n Chromium: CVE-2026-1862 Type Confusion in V8<\/td>\n Unknown<\/td>\n
\n\t\t<\/tr>\n\n Microsoft Edge for Android<\/td>\n CVE-2026-0391<\/a><\/td>\n Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability<\/td>\n Moderate<\/td>\n
\n\t\t<\/tr>\n\n Microsoft Exchange Server<\/td>\n CVE-2026-21527<\/a><\/td>\n Microsoft Exchange Server Spoofing Vulnerability<\/td>\n Important<\/td>\n
\n\t\t<\/tr>\n\n Microsoft Graphics Component<\/td>\n CVE-2026-21246<\/a><\/td>\n Windows Graphics Component Elevation of Privilege Vulnerability<\/td>\n Important<\/td>\n
\n\t\t<\/tr>\n\n Microsoft Graphics Component<\/td>\n CVE-2026-21235<\/a><\/td>\n Windows Graphics Component Elevation of Privilege Vulnerability<\/td>\n Important<\/td>\n
\n\t\t<\/tr>\n\n Microsoft Office Excel<\/td>\n CVE-2026-21261<\/a><\/td>\n Microsoft Excel Information Disclosure Vulnerability<\/td>\n Important<\/td>\n
\n\t\t<\/tr>\n\n Microsoft Office Excel<\/td>\n CVE-2026-21258<\/a><\/td>\n Microsoft Excel Information Disclosure Vulnerability<\/td>\n Important<\/td>\n
\n\t\t<\/tr>\n\n Microsoft Office Excel<\/td>\n CVE-2026-21259<\/a><\/td>\n Microsoft Excel Elevation of Privilege Vulnerability<\/td>\n Important<\/td>\n
\n\t\t<\/tr>\n\n Microsoft Office Outlook<\/td>\n CVE-2026-21260<\/a><\/td>\n Microsoft Outlook Spoofing Vulnerability<\/td>\n Important<\/td>\n
\n\t\t<\/tr>\n\n Microsoft Office Outlook<\/td>\n CVE-2026-21511<\/a><\/td>\n Microsoft Outlook Spoofing Vulnerability<\/td>\n Important<\/td>\n
\n\t\t<\/tr>\n\n Microsoft Office Word<\/td>\n CVE-2026-21514<\/a><\/td>\n Microsoft Word Security Feature Bypass Vulnerability<\/td>\n Important<\/td>\n
\n\t\t<\/tr>\n\n MSHTML Framework<\/td>\n CVE-2026-21513<\/a><\/td>\n MSHTML Framework Security Feature Bypass Vulnerability<\/td>\n Important<\/td>\n
\n\t\t<\/tr>\n\n Power BI<\/td>\n CVE-2026-21229<\/a><\/td>\n Power BI Remote Code Execution Vulnerability<\/td>\n Important<\/td>\n
\n\t\t<\/tr>\n\n Role: Windows Hyper-V<\/td>\n CVE-2026-21244<\/a><\/td>\n Windows Hyper-V Remote Code Execution Vulnerability<\/td>\n Important<\/td>\n
\n\t\t<\/tr>\n\n Role: Windows Hyper-V<\/td>\n CVE-2026-21255<\/a><\/td>\n Windows Hyper-V Security Feature Bypass Vulnerability<\/td>\n Important<\/td>\n
\n\t\t<\/tr>\n\n Role: Windows Hyper-V<\/td>\n CVE-2026-21248<\/a><\/td>\n Windows Hyper-V Remote Code Execution Vulnerability<\/td>\n Important<\/td>\n
\n\t\t<\/tr>\n\n Role: Windows Hyper-V<\/td>\n CVE-2026-21247<\/a><\/td>\n Windows Hyper-V Remote Code Execution Vulnerability<\/td>\n Important<\/td>\n
\n\t\t<\/tr>\n\n Windows Ancillary Function Driver for WinSock<\/td>\n CVE-2026-21236<\/a><\/td>\n Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability<\/td>\n Important<\/td>\n
\n\t\t<\/tr>\n\n Windows Ancillary Function Driver for WinSock<\/td>\n CVE-2026-21241<\/a><\/td>\n Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability<\/td>\n Important<\/td>\n
\n\t\t<\/tr>\n\n Windows Ancillary Function Driver for WinSock<\/td>\n CVE-2026-21238<\/a><\/td>\n Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability<\/td>\n Important<\/td>\n
\n\t\t<\/tr>\n\n Windows App for Mac<\/td>\n CVE-2026-21517<\/a><\/td>\n Windows App for Mac Installer Elevation of Privilege Vulnerability<\/td>\n Important<\/td>\n
\n\t\t<\/tr>\n\n Windows Cluster Client Failover<\/td>\n CVE-2026-21251<\/a><\/td>\n Cluster Client Failover (CCF) Elevation of Privilege Vulnerability<\/td>\n Important<\/td>\n
\n\t\t<\/tr>\n\n Windows Connected Devices Platform Service<\/td>\n CVE-2026-21234<\/a><\/td>\n Windows Connected Devices Platform Service Elevation of Privilege Vulnerability<\/td>\n Important<\/td>\n
\n\t\t<\/tr>\n\n Windows GDI+<\/td>\n CVE-2026-20846<\/a><\/td>\n GDI+ Denial of Service Vulnerability<\/td>\n Important<\/td>\n
\n\t\t<\/tr>\n\n Windows HTTP.sys<\/td>\n CVE-2026-21240<\/a><\/td>\n Windows HTTP.sys Elevation of Privilege Vulnerability<\/td>\n Important<\/td>\n
\n\t\t<\/tr>\n\n Windows HTTP.sys<\/td>\n CVE-2026-21250<\/a><\/td>\n Windows HTTP.sys Elevation of Privilege Vulnerability<\/td>\n Important<\/td>\n
\n\t\t<\/tr>\n\n Windows HTTP.sys<\/td>\n CVE-2026-21232<\/a><\/td>\n Windows HTTP.sys Elevation of Privilege Vulnerability<\/td>\n Important<\/td>\n
\n\t\t<\/tr>\n\n Windows Kernel<\/td>\n CVE-2026-21231<\/a><\/td>\n Windows Kernel Elevation of Privilege Vulnerability<\/td>\n Important<\/td>\n
\n\t\t<\/tr>\n\n Windows Kernel<\/td>\n CVE-2026-21222<\/a><\/td>\n Windows Kernel Information Disclosure Vulnerability<\/td>\n Important<\/td>\n
\n\t\t<\/tr>\n\n Windows Kernel<\/td>\n CVE-2026-21239<\/a><\/td>\n Windows Kernel Elevation of Privilege Vulnerability<\/td>\n Important<\/td>\n
\n\t\t<\/tr>\n\n Windows Kernel<\/td>\n CVE-2026-21245<\/a><\/td>\n Windows Kernel Elevation of Privilege Vulnerability<\/td>\n Important<\/td>\n
\n\t\t<\/tr>\n\n Windows LDAP – Lightweight Directory Access Protocol<\/td>\n CVE-2026-21243<\/a><\/td>\n Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability<\/td>\n Important<\/td>\n
\n\t\t<\/tr>\n\n Windows Notepad App<\/td>\n CVE-2026-20841<\/a><\/td>\n Windows Notepad App Remote Code Execution Vulnerability<\/td>\n Important<\/td>\n
\n\t\t<\/tr>\n\n Windows NTLM<\/td>\n CVE-2026-21249<\/a><\/td>\n Windows NTLM Spoofing Vulnerability<\/td>\n Important<\/td>\n
\n\t\t<\/tr>\n\n Windows Remote Access Connection Manager<\/td>\n CVE-2026-21525<\/a><\/td>\n Windows Remote Access Connection Manager Denial of Service Vulnerability<\/td>\n Moderate<\/td>\n
\n\t\t<\/tr>\n\n Windows Remote Desktop<\/td>\n CVE-2026-21533<\/a><\/td>\n Windows Remote Desktop Services Elevation of Privilege Vulnerability<\/td>\n Important<\/td>\n
\n\t\t<\/tr>\n\n Windows Shell<\/td>\n CVE-2026-21510<\/a><\/td>\n Windows Shell Security Feature Bypass Vulnerability<\/td>\n Important<\/td>\n
\n\t\t<\/tr>\n\n Windows Storage<\/td>\n CVE-2026-21508<\/a><\/td>\n Windows Storage Elevation of Privilege Vulnerability<\/td>\n Important<\/td>\n
\n\t\t<\/tr>\n\n Windows Subsystem for Linux<\/td>\n CVE-2026-21237<\/a><\/td>\n Windows Subsystem for Linux Elevation of Privilege Vulnerability<\/td>\n Important<\/td>\n
\n\t\t<\/tr>\n\n Windows Subsystem for Linux<\/td>\n CVE-2026-21242<\/a><\/td>\n Windows Subsystem for Linux Elevation of Privilege Vulnerability<\/td>\n Important<\/td>\n
\n\t\t<\/tr>\n\n Windows Win32K – GRFX<\/td>\n CVE-2023-2804<\/a><\/td>\n Red Hat, Inc. CVE-2023-2804: Heap Based Overflow libjpeg-turbo<\/td>\n Important<\/td>\n
\n\t\t<\/tr>\n
![\"tines\"\/](\"https:\/\/www.europesays.com\/us\/wp-content\/uploads\/2026\/02\/tines-in-art-square.jpg\")