Microsoft fixed 58 vulnerabilities in Windows 11, six of which were exploited by hackers
Microsoft released a security update for Windows 11 (Patch Tuesday – February 2026)
Fixes
- Privilege escalation: 25
- Security feature bypass: 5
- Remote code execution: 12
- Access to restricted data: 6
- Denial of service (DoS): 3
- Data tampering: 7
The update addresses a total of 58 vulnerabilities, of which 6 were actively exploited by cybercriminals.
What’s new in this release?
1. Updated Secure Boot certificates
Microsoft began distributing new certificates because the existing ones issued in 2011 expired at the end of June this year.
2. Disclosure of exploitable vulnerabilities
| CVE | What the attacker does | System affected |
|---|---|---|
| CVE‑2026‑21510 | Tricks a user into clicking a link or opening a shortcut, bypassing Windows security mechanisms | Entire OS |
| CVE‑2026‑21513 | Bypasses protection in the MSHTML Framework | Browser/web content |
| CVE‑2026‑21514 | Used to bypass Microsoft Word protection; victim opens a malicious Office file | Word applications |
| CVE‑2026‑21519 | Elevates privileges via an error in the Windows desktop window manager | Windows system |
| CVE‑2026‑21525 | Causes DoS in the Remote Desktop Connection Manager (RDP). The exploit was found in an open malware repository. | RDP services |
| CVE‑2026‑21533 | Elevates privileges through Windows Remote Desktop Services | RDP services |
Microsoft did not specify whether these six vulnerabilities were used in a single cyber campaign.
What users need to do
1. Install the update as soon as possible – it closes 58 critical and high-risk defects.
2. Verify that Secure Boot certificates work correctly after installation (important for UEFI devices).
3. Be cautious with links and shortcut files: even if they look harmless, they may exploit CVE‑2026‑21510.
Conclusion: The Patch Tuesday update of February 2026 significantly strengthens Windows 11’s protection against known attacks by closing dozens of vulnerabilities and introducing new Secure Boot certificates. Users are advised to apply the patch promptly and follow basic cyber‑security practices.
Asted Cloud
Comments (0)
Share your thoughts — please be polite and stay on topic.
Log in to comment