Home / Technology / Microsoft Patches Six Exploited Zero-Days
Microsoft Patches Six Exploited Zero-Days
11 Feb
Summary
- Six zero-day vulnerabilities are actively exploited, with five critical.
- Windows zero-days in Shell and DWM allow code execution and privilege escalation.
- Internet Explorer's legacy functions remain exploitable, bypassing security.
Microsoft has urgently patched six zero-day vulnerabilities, with five of them deemed critical. These flaws affected a range of products, including Windows, Office, Exchange Server, Internet Explorer, Azure, and the Windows Subsystem for Linux. Six of these security weaknesses were already being actively exploited in the wild prior to the fixes.
Several critical vulnerabilities were addressed in various Windows versions. Notably, two Windows zero-day flaws, identified as Security Feature Bypass (SFB) types, were publicly known and exploited. One in the Windows Shell (CVE-2026-21510) allows attackers to bypass SmartScreen and execute code simply by opening a shortcut.
Internet Explorer, despite its deprecated status, continues to present security risks due to its reliance by numerous programs. An SFB vulnerability (CVE-2026-21513) in IE allows unauthorized access. Additionally, a Desktop Window Manager (DWM) vulnerability (CVE-2026-21519) is being exploited to gain elevated privileges, often combined with Remote Code Execution (RCE) flaws.
Further vulnerabilities include an Elevation of Privilege (EoP) flaw in Remote Desktop Service (CVE-2026-21533), which can be exploited locally to gain system-level code execution. This could serve as an intermediate step for attackers within a network. A Denial of Service (DoS) vulnerability in the Remote Access Connection Manager (CVE-2026-21525) was also patched, potentially used to disrupt services.
