Microsoft released security updates addressing 59 flaws across its software, including six actively exploited zero-days. By severity, five are rated critical, 52 important, and two moderate. Among the patched flaws, five are privilege escalation, followed by 12 remote code execution, seven spoofing, six information disclosure, five security-feature bypasses, three denial-of-service, and one cross-site scripting.
The six actively exploited vulnerabilities are CVE-2026-21510, CVE-2026-21513, CVE-2026-21514, CVE-2026-21519, CVE-2026-21525 and CVE-2026-21533, with CVSS scores ranging from 6.2 to 8.8, including a protection-mechanism bypass in the MSHTML Framework and several local privilege escalation flaws.
The update coincides with Microsoft rolling out updated Secure Boot certificates and, per the briefing, two new Windows security initiatives, Windows Baseline Security Mode and User Transparency and Consent, to strengthen default protections. It was noted that the six flaws were reported by Microsoft’s own security teams and GTIG. CISA has added all six to its KEV catalog, and agencies are required to apply fixes by 3 March 2026.
According to Microsoft, the Edge browser patches released alongside this month’s updates add further protection, including a fix for a Moderate-severity CVE affecting Edge on Android.