Microsoft has released a security advisory on the 10th of February 2026 in line with their regular monthly patch schedule which includes a number of updates to address vulnerabilities in two (2) high risk, seven (7) medium risk and two (2) low risk products.
These updates address vulnerabilities which may impact services through Remote Code Execution, Denial of Service, Elevation of Privilege, Spoofing, Security Restriction Bypass, and Information Disclosure.
For more information please see: Microsoft Security Update
This release consists of security updates for the following products, features and roles:
- .NET
- .NET and Visual Studio
- Azure Arc
- Azure Compute Gallery
- Azure DevOps Server
- Azure Front Door (AFD)
- Azure Function
- Azure HDInsights
- Azure IoT SDK
- Azure Local
- Azure SDK
- Desktop Window Manager
- Github Copilot
- GitHub Copilot and Visual Studio
- Internet Explorer
- Mailslot File System
- Microsoft Defender for Linux
- Microsoft Edge for Android
- Microsoft Exchange Server
- Microsoft Graphics Component
- Microsoft Office Excel
- Microsoft Office Outlook
- Microsoft Office Word
- Power BI
- Role: Windows Hyper-V
- Windows Ancillary Function Driver for WinSock
- Windows App for Mac
- Windows Cluster Client Failover
- Windows Connected Devices Platform Service
- Windows GDI+
- Windows HTTP.sys
- Windows Kernel
- Windows LDAP - Lightweight Directory Access Protocol
- Windows Notepad App
- Windows NTLM
- Windows Remote Access Connection Manager
- Windows Remote Desktop
- Windows Shell
- Windows Storage
- Windows Subsystem for Linux
- Windows Win32K - GRFX
CVE-2026-21510 is being exploited in the wild and an attacker could bypass Windows SmartScreen and Windows Shell security prompts by exploiting improper handling in Windows Shell components. This can allow attacker‑controlled content to execute without any user warning or consent. Rated as High Risk.
CVE-2026-21513 is being exploited in the wild and a protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network. Rated as High Risk.
CVE-2026-21519 is being exploited in the wild and allows access of resources using incompatible type (‘type confusion’) in Desktop Window Manager and can allow an authorized attacker to elevate privileges locally. Rated as Medium Risk.
CVE-2026-21525 is being exploited in the wild and a null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny services locally. Rated as High Risk.
CVE-2026-21533 is being exploited in the wild and improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally. Rated as Medium Risk.
CVE-2026-21514 is being exploited in the wild and reliance on untrusted inputs in a security decision inside Microsoft Office Word allows an unauthorized attacker to bypass a security features locally. Rated as Medium Risk.
Please contact the Matsco Solutions team on the below if you would like any further information or would like to schedule a maintenance.
support@matscosolutions.com
Beijing +86 400 120 2782
Hong Kong +852 8101 8418
London +44 (0)20 7821 4950
New York +1 866 446 9226
Singapore +65 6100 1090
Share this Post