Home / Technology / Microsoft Rushes Patches as Zero-Day Exploits Spread
Microsoft Rushes Patches as Zero-Day Exploits Spread
12 Feb
Summary
- Hackers actively exploit Windows and Office zero-day vulnerabilities.
- One-click attacks allow malware installation with minimal user interaction.
- Microsoft released urgent fixes for these actively abused security flaws.
Microsoft has urgently addressed security vulnerabilities in its Windows and Office software, which are currently being exploited by malicious actors. These zero-day exploits, meaning they were used before Microsoft could fix them, pose a significant threat as they allow for one-click attacks. Hackers can gain access to or install malware on computers with very little user involvement, such as clicking a malicious link or opening a compromised Office file.
One critical vulnerability, tracked as CVE-2026-21510, is found in the Windows shell and affects all supported versions. This flaw can bypass Microsoft's SmartScreen security feature, enabling remote malware planting. Google's Threat Intelligence Group confirmed widespread, active exploitation of this bug, warning of potential system compromise, ransomware deployment, or data theft. Another patched vulnerability in the MSHTML engine, CVE-2026-21513, also allowed hackers to bypass Windows security features to install malware.
