SECURITYWEEK reports that Microsoft’s February 2026 Patch Tuesday fixes roughly 60 vulnerabilities, including six actively exploited zero-days. The zero-days listed are CVE-2026-21510, CVE-2026-21514, CVE-2026-21513, CVE-2026-21519, CVE-2026-21533 and CVE-2026-21525, spanning Windows SmartScreen and Shell prompts, Office file handling, an Internet Explorer issue, Windows Desktop Window Manager, Windows Remote Desktop Services and the Windows Remote Access Connection Manager.
There appears to be no public information about attacks exploiting these zero-days. However, the discovery credits for CVE-2026-21510 and CVE-2026-21514 include Google Threat Intelligence Group (GTIG) alongside Microsoft’s own teams and an anonymous researcher, with CVE-2026-21513 also credited to GTIG. The article notes that Microsoft has patched vulnerabilities across Windows and Office as well as Azure, Windows Defender, Exchange Server, .NET, GitHub Copilot, Edge and Power BI, according to Microsoft advisories.