Microsoft released its February 2026 Patch Tuesday updates on February 10, addressing 54 vulnerabilities, including six zero-days across Windows, Office, Azure, and developer tools.
The updates fix issues in products like Windows Remote Desktop Services, Microsoft Defender, Azure services, GitHub Copilot, Visual Studio Code, Microsoft Exchange, and Office apps.
Severity ratings include two Critical flaws and numerous Important ones, with types including remote code execution (RCE), elevation of privilege (EoP), information disclosure, spoofing, denial-of-service (DoS), and security feature bypass. Microsoft assigns customer action as required for all listed CVEs and urges immediate patching.
| Vulnerability Type | Count |
|---|---|
| Remote Code Execution | 11 |
| Denial of Service | 3 |
| Elevation of Privilege | 23 |
| Information Disclosure | 5 |
| Security Feature Bypass | 5 |
| Spoofing | 7 |
| Total | 54 |
Six zero-days were patched, marked as publicly disclosed and/or exploited prior to release. These include:
- CVE-2026-21514: Security feature bypass in Microsoft Office Word.
- CVE-2026-21513: Security feature bypass in MSHTML Framework.
- CVE-2026-21510: Security feature bypass in Windows Shell.
- CVE-2026-21533: EoP in Windows Remote Desktop Services.
- CVE-2026-21525: DoS in Windows Remote Access Connection Manager.
- CVE-2026-21519: EoP in Desktop Window Manager.
Attackers could chain these for broader compromise, such as bypassing protections to execute code or escalate privileges.
Critical Vulnerabilities
Two Critical vulnerabilities demand priority:
| CVE ID | Type | Affected Product | CVSS Implication |
|---|---|---|---|
| CVE-2026-23655 | Information Disclosure | Azure Compute Gallery (ACI Confidential Containers) | Allows sensitive data leak from confidential workloads. |
| CVE-2026-21522 | Elevation of Privilege | Azure Compute Gallery (ACI Confidential Containers) | Enables privilege escalation in container environments. |
These Azure flaws highlight risks in cloud-native confidential computing.
RCE flaws pose high risks in cloud and endpoint tools:
- CVE-2026-21537: RCE in Microsoft Defender for Endpoint Linux Extension.
- CVE-2026-21531: RCE in Azure SDK for Python.
- CVE-2026-21523: RCE in GitHub Copilot and Visual Studio Code.
- CVE-2026-21516: RCE in GitHub Copilot for JetBrains.
- CVE-2026-21256: RCE in GitHub Copilot and Visual Studio.
Office issues include spoofing in Outlook (CVE-2026-21527, CVE-2026-21260), info disclosure/EoP in Excel (CVE-2026-21261, CVE-2026-21259, CVE-2026-21258), and Word bypass (CVE-2026-21514). Windows sees EoP in HTTP.sys (CVE-2026-21250), Hyper-V bypass (CVE-2026-21255), and storage (CVE-2026-21508).
Azure-specific: Spoofing in HDInsight (CVE-2026-21529), info disclosure in IoT Explorer SDK (CVE-2026-21528). Other: XSS spoofing in Azure DevOps (CVE-2026-21512).
Elevated risks target developers (Copilot/VS Code), enterprises (Azure/Exchange), and endpoints (Windows/Defender). Exploitation could lead to data theft, lateral movement, or full compromise.
The table below summarizes the CVEs found in the provided text, including links to the official Microsoft Security Response Center (MSRC) pages for each vulnerability, along with their impact, severity, and affected product details.
Microsoft Security Updates – February 10, 2026
| CVE ID | Impact | Severity | Vulnerability Title | Product/Component |
| CVE-2026-23655 | Information Disclosure | Critical | Microsoft ACI Confidential Containers Information Disclosure Vulnerability | Azure Compute Gallery |
| CVE-2026-21537 | Remote Code Execution | Important | Microsoft Defender for Endpoint Linux Extension Remote Code Execution Vulnerability | Microsoft Defender for Linux |
| CVE-2026-21533 | Elevation of Privilege | Important | Windows Remote Desktop Services Elevation of Privilege Vulnerability | Windows Remote Desktop |
| CVE-2026-21531 | Remote Code Execution | Important | Azure SDK for Python Remote Code Execution Vulnerability | Azure SDK |
| CVE-2026-21529 | Spoofing | Important | Azure HDInsight Spoofing Vulnerability | Azure HDInsights |
| CVE-2026-21528 | Information Disclosure | Important | Azure IoT Explorer Information Disclosure Vulnerability | Azure IoT SDK |
| CVE-2026-21527 | Spoofing | Important | Microsoft Exchange Server Spoofing Vulnerability | Microsoft Exchange Server |
| CVE-2026-21525 | Denial of Service | Moderate | Windows Remote Access Connection Manager Denial of Service Vulnerability | Windows Remote Access Connection Manager |
| CVE-2026-21523 | Remote Code Execution | Important | GitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability | GitHub Copilot and Visual Studio |
| CVE-2026-21522 | Elevation of Privilege | Critical | Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability | Azure Compute Gallery |
| CVE-2026-21519 | Elevation of Privilege | Important | Desktop Window Manager Elevation of Privilege Vulnerability | Desktop Window Manager |
| CVE-2026-21518 | Security Feature Bypass | Important | GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability | GitHub Copilot and Visual Studio Code |
| CVE-2026-21517 | Elevation of Privilege | Important | Windows App for Mac Installer Elevation of Privilege Vulnerability | Windows App for Mac |
| CVE-2026-21516 | Remote Code Execution | Important | GitHub Copilot for Jetbrains Remote Code Execution Vulnerability | Github Copilot |
| CVE-2026-21514 | Security Feature Bypass | Important | Microsoft Word Security Feature Bypass Vulnerability | Microsoft Office Word |
| CVE-2026-21513 | Security Feature Bypass | Important | MSHTML Framework Security Feature Bypass Vulnerability | MSHTML Framework |
| CVE-2026-21512 | Spoofing | Important | Azure DevOps Server Cross-Site Scripting Vulnerability | Azure DevOps Server |
| CVE-2026-21511 | Spoofing | Important | Microsoft Outlook Spoofing Vulnerability | Microsoft Office Outlook |
| CVE-2026-21510 | Security Feature Bypass | Important | Windows Shell Security Feature Bypass Vulnerability | Windows Shell |
| CVE-2026-21508 | Elevation of Privilege | Important | Windows Storage Elevation of Privilege Vulnerability | Windows Storage |
| CVE-2026-21261 | Information Disclosure | Important | Microsoft Excel Information Disclosure Vulnerability | Microsoft Office Excel |
| CVE-2026-21260 | Spoofing | Important | Microsoft Outlook Spoofing Vulnerability | Microsoft Office Outlook |
| CVE-2026-21259 | Elevation of Privilege | Important | Microsoft Excel Elevation of Privilege Vulnerability | Microsoft Office Excel |
| CVE-2026-21258 | Information Disclosure | Important | Microsoft Excel Information Disclosure Vulnerability | Microsoft Office Excel |
| CVE-2026-21257 | Elevation of Privilege | Important | GitHub Copilot and Visual Studio Elevation of Privilege Vulnerability | GitHub Copilot and Visual Studio |
| CVE-2026-21256 | Remote Code Execution | Important | GitHub Copilot and Visual Studio Remote Code Execution Vulnerability | GitHub Copilot and Visual Studio |
| CVE-2026-21255 | Security Feature Bypass | Important | Windows Hyper-V Security Feature Bypass Vulnerability | Windows Hyper-V |
| CVE-2026-21253 | Elevation of Privilege | Important | Mailslot File System Elevation of Privilege Vulnerability | Mailslot File System |
| CVE-2026-21251 | Elevation of Privilege | Important | Cluster Client Failover (CCF) Elevation of Privilege Vulnerability | Windows Cluster Client Failover |
| CVE-2026-21250 | Elevation of Privilege | Important | Windows HTTP.sys Elevation of Privilege Vulnerability | Windows HTTP.sys |
Prioritize critical and zero-day patches via Windows Update or WSUS; test in staging environments. Enable auto-updates, monitor MSRC for revisions, and audit Azure/Office configs. CISA may add top CVEs to the KEV catalog soon.
Other Patch Tuesday Updates
- FortiSandbox XSS Vulnerability Let Attackers Run Arbitrary Commands
- FortiOS Authentication Bypass Vulnerability Lets Attackers Bypass LDAP Authentication
- Ivanti Endpoint Manager Vulnerability Lets Remote Attacker Leak Arbitrary Data
- SAP Security Patch Day – Critical SAP CRM and SAP S/4HANA Code Injection Vulnerabilities
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
