
"Of the 59 flaws, five are rated Critical, 52 are rated Important, and two are rated Moderate in severity. Twenty-five of the patched vulnerabilities have been classified as privilege escalation, followed by remote code execution (12), spoofing (7), information disclosure (6), security feature bypass (5), denial-of-service (3), and cross-site scripting (1). It's worth noting that the patches are in addition to three security flaws that Microsoft has addressed in its Edge browser since the release of the January 2026 Patch Tuesday update,"
"Topping the list of this month's updates are six vulnerabilities that have been flagged as actively exploited -

- CVE-2026-21510 (CVSS score: 8.8) - A protection mechanism failure in Windows Shell that allows an unauthorized attacker to bypass a security feature over a network.
- CVE-2026-21513 (CVSS score: 8.8) - A protection mechanism failure in MSHTML Framework that allows an unauthorized attacker to bypass a security feature over a network.
- CVE-2026-21514 (CVSS score: 7.8) - A reliance on untrusted inputs in a security decision in Microsoft Office Word that allows an unauthorized attacker to bypass a security feature locally.
- CVE-2026-21519 (CVSS score: 7.8) - An access of resource using incompatible type ('type confusion') in the Desktop Window Manager that allows an authorized attacker to elevate privileges locally."
Microsoft released security updates addressing 59 vulnerabilities across its software: five rated Critical, 52 Important, and two Moderate. Twenty-five of the vulnerabilities are privilege escalation flaws, with the remainder covering remote code execution, spoofing, information disclosure, security feature bypass, denial-of-service, and cross-site scripting. The updates are in addition to three Edge browser fixes released since the January 2026 Patch Tuesday update, including CVE-2026-0391 (CVSS 6.5), which affects Edge for Android and could enable spoofing via a user interface misrepresentation. Six vulnerabilities are confirmed as actively exploited, affecting Windows Shell, MSHTML, Word, Desktop Window Manager, and Remote Access Connection Manager.
Read at The Hacker News