Forum Discussion
Microsoft’s February 2026 Patch Tuesday Addresses 54 CVEs (CVE-2026-21510, CVE-2026-21513)
Microsoft’s February 2026 Patch Tuesday Addresses 54 CVEs (CVE-2026-21510, CVE-2026-21513)
On February 10, Microsoft released its February 2026 Patch Tuesday release which patched 54 CVEs with two rated critical, 51 rated as important and one rated as moderate. This update included patches to address six zero-day vulnerabilities that were exploited in the wild including three of which were publicly disclosed prior to patches being made available.
CVE-2026-21510 is a security feature bypass vulnerability affecting Windows Shell. It was assigned a CVSSv3 score of 8.8 and was rated as important. According to Microsoft, this flaw was publicly disclosed prior to a patch being made available and was also exploited in the wild as a zero-day. Exploitation requires an attacker to convince an unsuspecting user to open a malicious link or shortcut file. This would allow the attacker to bypass Windows SmartScreen and Windows Shell warnings by exploiting a flaw in Windows Shell components.
CVE-2026-21533 is an elevation of privilege vulnerability affecting Windows Remote Desktop Services. It was assigned a CVSSv3 score of 7.8, rated as important and was reportedly exploited in the wild. Successful exploitation allows a local, authenticated attacker to elevate to SYSTEM privileges.
This month’s update includes patches for:
- .NET
- .NET and Visual Studio
- Azure Arc
- Azure Compute Gallery
- Azure DevOps Server
- Azure Front Door (AFD)
- Azure Function
- Azure HDInsights
- Azure IoT SDK
- Azure Local
- Azure SDK
- Desktop Window Manager
- Github Copilot
- GitHub Copilot and Visual Studio
- Internet Explorer
- Mailslot File System
- Microsoft Defender for Linux
- Microsoft Edge for Android
- Microsoft Exchange Server
- Microsoft Graphics Component
- Microsoft Office Excel
- Microsoft Office Outlook
- Microsoft Office Word
- Power BI
- Role: Windows Hyper-V
- Windows Ancillary Function Driver for WinSock
- Windows App for Mac
- Windows Cluster Client Failover
- Windows Connected Devices Platform Service
- Windows GDI+
- Windows HTTP.sys
- Windows Kernel
- Windows LDAP - Lightweight Directory Access Protocol
- Windows Notepad App
- Windows NTLM
- Windows Remote Access Connection Manager
- Windows Remote Desktop
- Windows Shell
- Windows Storage
- Windows Subsystem for Linux
- Windows Win32K - GRFX
For more information, please visit our blog.
5 Replies
When will the plugins for the CVEs listed below be updated to reflect their participation in the CISA Known Exploited Vulnerability Catalog participation? They were added to the catalog back on February 10th. None reflect KEV status as of this morning.
KEVs: CVE-2026-21510, CVE-2026-21513, CVE-2026-21519, CVE-2026-21525, CVE-2026-21533
The plugins should all now properly reflect KEV status for these CVEs.
Observing this as an example where, as of Feb-18 0815 PST, the plugin has no indication of augmentation: KB5075912: Windows 10 version 21H2 / Windows 10 Version 22H2 S... | Tenable®
When should we expect the KEV status to be reflected in the plugin feed?
I've been struggling with support with false positive detection on Windows update since Microsoft introduced to Hotpatch methods. Computers with Windows updates applied are still flagging as not updated. It's creating problems for reporting, policy tracking and monitoring effectiveness.
Is this being addressed - I seem to have to notify Tenable with scan data when the detections are wrong - for products that are used by billions worldwide.
