Critical Microsoft Vulnerabilities Uncovered in February 2026 Update
TL;DR: Microsoft’s February 2026 security update addresses 59 vulnerabilities, including two critical threats in Azure Confidential Containers. Active exploitation of several important vulnerabilities further underscores the need for immediate patching.
This month, Microsoft disclosed significant vulnerabilities affecting a broad spectrum of products, with two classified as “Critical.” CVE-2026-21522, an elevation of privilege vulnerability in Microsoft ACI Confidential Containers, could allow authorized attackers to escalate privileges, while CVE-2026-23655 enables information disclosure of sensitive elements like secret tokens. Both vulnerabilities are not publicly disclosed and have mid-level CVSS scores (6.5 and 6.7). In addition, five important vulnerabilities are actively exploited, along with one moderate vulnerability, CVE-2026-21525, related to denial-of-service conditions.
Other critical vulnerabilities include CVE-2026-21510, 21513, and 21514, which leverage user interaction for exploitation via malicious links or documents, potentially bypassing core security features on Windows systems. CVE-2026-21519 and CVE-2026-21533 additionally enable privilege escalation through flaws in the Desktop Window Manager and Remote Desktop Services, respectively. Talos identified prominent vulnerabilities across additional Microsoft products like Azure, Microsoft Notepad, and GitHub Copilot, including severe Remote Code Execution risks.
Why this matters: The active exploitation of these vulnerabilities poses significant risks to organizations using Microsoft products, expanding the attack surface for adversaries. Timely patching and deployment of security measures are essential to defend against potential escalations and breaches.
Employing threat intelligence, SIEM solutions, and updated firewall rules can help mitigate risks associated with these vulnerabilities. Continuous monitoring and oversight for suspicious activities will further enhance organizational defenses against similar threats.
Indicators of Compromise (IOCs): Specific IOCs or CVE identifiers mentioned include CVE-2026-21522, CVE-2026-23655, CVE-2026-21510, CVE-2026-21513, CVE-2026-21514, CVE-2026-21519, CVE-2026-21525, CVE-2026-21228, CVE-2026-20841, CVE-2026-21516, CVE-2026-21523, and CVE-2026-21256.
