This page was created programmatically; to read the article in its original location, go to the link below:
https://blog.qualys.com/vulnerabilities-threat-research/2026/02/10/microsoft-patch-tuesday-february-2026-security-update-review
If you wish to remove this article from our site, please contact us.
Microsoft’s February 2026 Patch Tuesday focuses on closing security gaps that attackers might exploit, reinforcing the importance of timely patching in enterprise environments. Here’s a quick breakdown of what you need to know.
This month’s release addresses 61 vulnerabilities, including 5 critical and 52 important-severity vulnerabilities.
In this month’s updates, Microsoft has addressed six zero-day vulnerabilities that have been exploited in the wild.
Microsoft addressed one vulnerability in Microsoft Edge (Chromium-based) that was patched earlier this month.
Microsoft Patch Tuesday, February edition, includes updates for vulnerabilities in Microsoft Exchange Server, Microsoft Graphics Component, Windows NTLM, Windows Remote Access Connection Manager, Windows Remote Desktop, and more.
From elevation of privilege flaws to remote code execution risks, this month’s patches are important for organizations aiming to maintain a robust security posture.
The February 2026 Microsoft vulnerabilities are classified as follows:
| Vulnerability Category | Quantity | Severities |
| --- | --- | --- |
| Spoofing Vulnerability | 7 | Important: 6 |
| Denial of Service Vulnerability | 3 | Important: 3 |
| Elevation of Privilege Vulnerability | 25 | Critical: 3, Important: 22 |
| Information Disclosure Vulnerability | 6 | Critical: 2, Important: 4 |
| Remote Code Execution Vulnerability | 12 | Important: 12 |
| Security Feature Bypass Vulnerability | 5 | Important: 5 |
Adobe has released 9 security advisories to address 44 vulnerabilities in Adobe Audition, Adobe After Effects, Adobe InDesign Desktop, Adobe Substance 3D Designer, Adobe Substance 3D Stager, Adobe Bridge, Adobe Substance 3D Modeler, Adobe Lightroom Classic, and Adobe DNG SDK. 27 of these vulnerabilities are given critical severity ratings. Successful exploitation of these vulnerabilities could lead to arbitrary code execution.
Desktop Window Manager is a system service in Windows (Vista and later) that enables visual effects such as transparency, window animations, and live taskbar thumbnails through GPU hardware acceleration.
A type confusion flaw in the Desktop Window Manager could allow an authenticated attacker to elevate privileges locally. Successful exploitation of the vulnerability could allow an attacker to gain SYSTEM privileges.
CISA acknowledged the active exploitation of the vulnerability by adding it to its Known Exploited Vulnerabilities Catalog. CISA urges users to patch the vulnerability before March 3, 2026.
Windows Remote Desktop Services (RDS) is a Microsoft Windows Server technology that allows users to securely access virtualized desktops, applications, and resources from any device, anywhere.
An improper privilege management flaw in Windows Remote Desktop could allow an authenticated attacker to elevate privileges locally. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CISA acknowledged the active exploitation of the vulnerability by adding it to its Known Exploited Vulnerabilities Catalog. CISA urges users to patch the vulnerability before March 3, 2026.
The Windows Shell is the primary interface for users to interact with the Windows operating system, encompassing visible elements like the Desktop, Taskbar, and Start Menu.
A failure in the Windows Shell security mechanism could allow an unauthenticated attacker to bypass a network security feature. An attacker must convince a user to open a malicious link or shortcut file to exploit the vulnerability.
CISA acknowledged the active exploitation of the vulnerability by adding it to its Known Exploited Vulnerabilities Catalog. CISA urges users to patch the vulnerability before March 3, 2026.
An attacker must send a user a malicious Office file and convince them to open it to exploit the vulnerability.
CISA acknowledged the active exploitation of the vulnerability by adding it to its Known Exploited Vulnerabilities Catalog. CISA urges users to patch the vulnerability before March 3, 2026.
Windows Remote Access Connection Manager is a core Windows service that manages dial-up and Virtual Private Network connections, allowing user computers to securely connect to remote networks, corporate resources, or other devices.
A null pointer dereference in Windows Remote Access Connection Manager could allow an unauthenticated attacker to deny service locally.
CISA acknowledged the active exploitation of the vulnerability by adding it to its Known Exploited Vulnerabilities Catalog. CISA urges users to patch the vulnerability before March 3, 2026.
The MSHTML Framework (also called Trident) is a proprietary browser engine developed by Microsoft. It is a software component that renders web pages and other HTML content inside applications running on Microsoft Windows.
A failure in the MSHTML Framework security mechanism could allow an unauthenticated attacker to bypass a security feature over a network.
CISA acknowledged the active exploitation of the vulnerability by adding it to its Known Exploited Vulnerabilities Catalog. CISA urges users to patch the vulnerability before March 3, 2026.
Microsoft mentioned in the advisory, “This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.”
A command injection flaw in Azure Compute Gallery allows an authorized attacker to elevate privileges locally. Upon successful exploitation, an attacker could execute arbitrary commands within the affected ACI container’s context, thereby running code with the same privileges as the compromised container.
Upon successful exploitation of the vulnerability, an attacker could disclose the secret tokens and keys.
As per the Microsoft advisory, “This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.”
As per the Microsoft advisory, “This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.”
This month’s release notes cover multiple Microsoft product families and products/versions affected, including, but not limited to, Windows Win32K – GRFX, Microsoft Edge for Android, Windows Notepad App, Windows GDI+, .NET and Visual Studio, Windows Kernel, Azure Local, Power BI, Windows HTTP.sys, Windows Connected Devices Platform Service, Windows Ancillary Function Driver for WinSock, Windows Subsystem for Linux, Windows LDAP – Lightweight Directory Access Protocol, Role: Windows Hyper-V, Windows Cluster Client Failover, Mailslot File System, GitHub Copilot and Visual Studio, Microsoft Office Excel, Microsoft Office Word, Windows Storage, Windows Shell, Microsoft Office Outlook, Azure DevOps Server, Internet Explorer, GitHub Copilot, Windows App for Mac, .NET, Desktop Window Manager, Azure Compute Gallery, Azure IoT SDK, Azure HDInsights, Azure SDK, Azure Function, Microsoft Defender for Linux, Azure Front Door (AFD), Azure Arc, and Microsoft Edge (Chromium-based).
The next Patch Tuesday is scheduled for March 10, and we will provide details and patch analysis at that time. Until next Patch Tuesday, stay safe and secure. Be sure to subscribe to the ‘This Month in Vulnerabilities and Patches’ webinar.
The Qualys Research team hosts a monthly webinar series to help our existing customers leverage the seamless integration between Qualys Vulnerability Management, Detection & Response (VMDR), and Qualys Patch Management. Combining these two solutions can reduce the median time to remediate critical vulnerabilities.
During the webcast, we will discuss this month’s high-impact vulnerabilities, including those highlighted in this month’s Patch Tuesday alert. We will walk you through the necessary steps to address the key vulnerabilities using Qualys VMDR and Qualys Patch Management.