How many zero-day vulnerabilities did Microsoft patch?

Microsoft patched six zero-day vulnerabilities, five of which were critical.

What Windows components were affected by the zero-day exploits?

Affected Windows components included the Windows Shell, Desktop Window Manager, and Remote Desktop Service.

Can Internet Explorer still be exploited?

Yes, legacy functions within Internet Explorer are still exploitable and can bypass security checks.

Home / Technology / Microsoft Patches Six Exploited Zero-Days

Microsoft Patches Six Exploited Zero-Days

11 Feb

•

Summary

Six zero-day vulnerabilities are actively exploited, with five critical.
Windows zero-days in Shell and DWM allow code execution and privilege escalation.
Internet Explorer's legacy functions remain exploitable, bypassing security.

Microsoft Patches Six Exploited Zero-Days

Microsoft has urgently patched six zero-day vulnerabilities, with five of them deemed critical. These flaws affected a range of products, including Windows, Office, Exchange Server, Internet Explorer, Azure, and the Windows Subsystem for Linux. Six of these security weaknesses were already being actively exploited in the wild prior to the fixes.

Several critical vulnerabilities were addressed in various Windows versions. Notably, two Windows zero-day flaws, identified as Security Feature Bypass (SFB) types, were publicly known and exploited. One in the Windows Shell (CVE-2026-21510) allows attackers to bypass SmartScreen and execute code simply by opening a shortcut.

Internet Explorer, despite its deprecated status, continues to present security risks due to its reliance by numerous programs. An SFB vulnerability (CVE-2026-21513) in IE allows unauthorized access. Additionally, a Desktop Window Manager (DWM) vulnerability (CVE-2026-21519) is being exploited to gain elevated privileges, often combined with Remote Code Execution (RCE) flaws.