MICROSOFT Patch Tuesday for February 2026 fixes six actively exploited zero-day vulnerabilities alongside 58 new security flaws across Windows, Office, Azure, Edge, Exchange, Hyper-V, WSL and other components, bringing total CVEs to 62 when third-party updates are included. Five vulnerabilities are rated Critical, two are Moderate, and most are Important, with the six zero-days addressed described as being exploited in the wild and three of them publicly disclosed.
The six zero-day CVEs are CVE-2026-21510 (CVSS 7.5 – High), CVE-2026-21513 (CVSS 8.8 – High), CVE-2026-21514 (CVSS 8.1 – High), CVE-2026-21519 (CVSS 7.8 – High), CVE-2026-21525 (CVSS 6.5 – Medium) and CVE-2026-21533 (CVSS 8.8 – High). CVE-2026-21510, CVE-2026-21514 and CVE-2026-21513 were publicly disclosed, with discoveries credited to Google Threat Intelligence Group and other Microsoft teams for the first two and to Microsoft and GTIG for the third. according to Microsoft.