"Microsoft has released fixes for six newly-classified zero-day common vulnerabilities and exposures (CVEs) on the second monthly Patch Tuesday of 2026, amid a release comprising over 50 flaws that run the full gamut of Microsoft's product suite. Although the total number of flaws is down by about half on January's bumper crop, it is about on par for this time of year, explained Dustin Childs of Trend Micro's Zero Day Initiative (ZDI), however, he added, the number under active attack is "extraordinarily high"."
"The three 'classic' zero-days are all security feature bypass (SFB) vulnerabilities, tracked variously as CVE-2026-21510 in Windows SmartScreen, CVE-2026-21514 in Microsoft Word, and CVE-2026-21513 in Internet Explorer. The three zero-days for which exploit proofs of concept (PoCs) have not yet been made public are tracked as CVE-2026-21519, an elevation of privilege (EoP) flaw in Desktop Window Manager, CVE-2026-21525, a denial of service (DoS) flaw in Windows Remote Access Connection Manager, and finally, CVE-2026-21533, an EoP flaw in Windows Remote Desktop Services."
Microsoft released fixes on the second Patch Tuesday of 2026 for over 50 vulnerabilities across its product suite, including six newly-classified zero-days. Trend Micro ZDI's Dustin Childs said the total count is normal for this time of year but the number under active attack is extraordinarily high. All six zero-days are under active exploitation, with three publicly disclosed. Three security feature bypass zero-days affect Windows SmartScreen (CVE-2026-21510), Microsoft Word (CVE-2026-21514), and Internet Explorer (CVE-2026-21513). Three additional zero-days include an elevation-of-privilege in Desktop Window Manager (CVE-2026-21519), a denial-of-service in Remote Access Connection Manager (CVE-2026-21525), and an EoP in Remote Desktop Services (CVE-2026-21533). Seth Hoyt warned the Windows Shell flaw neutralizes SmartScreen, allowing internet-downloaded files to execute without the usual warning dialog.
Read at ComputerWeekly.com
Unable to calculate read time
Collection
[
|
...
]