Microsoft Patch Tuesday security updates for February 2026 fix six actively exploited zero-days
Summary: Microsoft's February Patch Tuesday update fixes 58 new security vulnerabilities (62 CVEs including third-party updates), affecting Windows, Office and other components. Five are Critical, two Moderate, and the rest Important. Six zero-day vulnerabilities are actively exploited, three of them publicly disclosed.

2026-2-10 22:31:47 Author: securityaffairs.com

Pierluigi Paganini February 10, 2026

Microsoft Patch Tuesday security updates for February 2026 fix 58 new security flaws across Windows, Office, Azure, Edge, Exchange, Hyper-V, WSL, and other components, rising to 62 CVEs when third-party updates are included. Five vulnerabilities are Critical, two Moderate, and most are rated Important. What stands out is that six flaws addressed this month are actively exploited in the wild, three of them publicly known.

Below are the six zero-day vulnerabilities addressed by the IT giant:

  • CVE-2026-21510 (CVSS score of 7.5 – High)
    A Windows SmartScreen and Shell prompt bypass that allows attackers to evade security warnings by tricking users into opening a crafted malicious link or shortcut file.
  • CVE-2026-21513 (CVSS score of 8.8 – High)
    An Internet Explorer security control bypass that can lead to code execution when a victim opens a malicious HTML page or LNK file.
  • CVE-2026-21514 (CVSS score of 8.1 – High)
    A Microsoft 365 and Office flaw that bypasses OLE security mitigations, enabling malicious activity when a specially crafted Office document is opened.
  • CVE-2026-21519 (CVSS score of 7.8 – High)
    A Windows Desktop Window Manager vulnerability that enables local privilege escalation and elevated system access.
  • CVE-2026-21525 (CVSS score of 6.5 – Medium)
    A Windows Remote Access Connection Manager bug that can be abused by a local attacker to cause a denial-of-service condition.
  • CVE-2026-21533 (CVSS score of 8.8 – High)
    A Windows Remote Desktop Services vulnerability that allows attackers to escalate privileges to SYSTEM.

Microsoft labeled CVE-2026-21510, CVE-2026-21514 and CVE-2026-21513 as “publicly disclosed”.

Microsoft credited Google Threat Intelligence Group, its internal security teams, and an anonymous researcher for discovering CVE-2026-21510 and CVE-2026-21514, while Microsoft and GTIG reported the vulnerability CVE-2026-21513.

The full list of CVEs addressed by the Microsoft Patch Tuesday security update for February 2026 is available here.


(SecurityAffairs – hacking, Patch Tuesday)




Source: https://securityaffairs.com/187848/uncategorized/microsoft-patch-tuesday-security-updates-for-february-2026-fix-six-actively-exploited-zero-days.html