ADVERTISEMENT

CISA flags six actively exploited Microsoft zero-days

Microsoft has released fixes for six new zero-days actively exploited in the wild, alongside more than 50 additional security updates in this month’s Patch Tuesday rollout.

Microsoft Windows 10 security update end

Image by Cybernews

Stefanie Schappert
Stefanie Schappert Senior Journalist
Feb 11, 2026 Updated: 11 February 2026 3 min read
Key takeaways:

Six zero-days now on CISA’s KEV list

  • CVE-2026-21510 Microsoft Windows Shell Protection Mechanism Failure Vulnerability
  • CVE-2026-21513 Microsoft MSHTML Framework Security Feature Bypass Vulnerability
  • CVE-2026-21514 Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability
  • CVE-2026-21519 Microsoft Windows Type Confusion Vulnerability
  • CVE-2026-21525 Microsoft Windows NULL Pointer Dereference Vulnerability
  • CVE-2026-21533 Windows Remote Desktop Services Elevation of Privilege Vulnerability

Security bypass flaws raise phishing concerns

Microsoft 365 logos
Image by GGuy | Shutterstock
ADVERTISEMENT
jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Add us as your Preferred Source on Google.

Cloud patching pressures mount

Microsoft Azure being hacked by hooded figure
Image by Shutterstock

ADVERTISEMENT