On February 10, 2026, Microsoft released its February 2026 security update, addressing 59 newly disclosed vulnerabilities. Arctic Wolf highlighted six of these vulnerabilities affecting Microsoft Windows and Microsoft Office that were exploited in the wild. Details on how these vulnerabilities were exploited have not been disclosed.
Vulnerabilities
| Vulnerability | CVSS | Description |
| --- | --- | --- |
| CVE-2026-21510 | 8.8 | Windows Shell Security Feature Bypass – A remote threat actor can exploit this vulnerability to bypass Windows SmartScreen and Shell security prompts by convincing a user to open a malicious link or shortcut file, allowing content to execute without warning. |
| CVE-2026-21513 | 8.8 | MSHTML Framework Security Feature Bypass – A remote threat actor can exploit this vulnerability to bypass file execution prompts by convincing a user to open a malicious HTML or shortcut (.lnk) file, which manipulates MSHTML and Windows Shell to execute content via the operating system. |
| CVE-2026-21514 | 7.8 | Microsoft Word Security Feature Bypass – A threat actor can exploit this vulnerability to bypass OLE mitigations in Microsoft 365 and Microsoft Office by convincing a user to open a malicious Office file, allowing vulnerable COM/OLE controls to be executed locally. |
| CVE-2026-21519 | 7.8 | Desktop Window Manager Elevation of Privilege – A local threat actor can obtain SYSTEM privileges by exploiting a type confusion flaw in Desktop Window Manager. |
| CVE-2026-21525 | 6.2 | Windows Remote Access Connection Manager Denial of Service – A null pointer dereference flaw in Windows Remote Access Connection Manager allows an unauthorized local threat actor to cause a denial of service. |
| CVE-2026-21533 | 7.8 | Windows Remote Desktop Services Elevation of Privilege – A local threat actor can exploit this vulnerability to gain SYSTEM privileges. |
CVE-2026-21509
Between Microsoft’s January and February 2026 security updates, an out-of-band update was released for a high-severity zero-day vulnerability in Microsoft Office, tracked as CVE-2026-21509. This vulnerability allows threat actors to bypass Office security features and execute arbitrary code locally by convincing a user to open a specially crafted Office document. Shortly after disclosure, reports indicated that the Russian-nexus threat actor APT28 exploited this vulnerability in targeted social engineering attacks against individuals in Eastern Europe, including Ukraine, Slovakia, and Romania.
Recommendation
Upgrade to Latest Fixed Versions
Arctic Wolf strongly recommends that customers upgrade to the latest fixed versions.
| Affected Product | Vulnerability | Update Article |
| --- | --- | --- |
| Windows Server 2025 | CVE-2026-21510, CVE-2026-21513, CVE-2026-21519, CVE-2026-21525, CVE-2026-21533 | 5075899, 5075942 |
| Windows Server 2022, 23H2 | CVE-2026-21510, CVE-2026-21513, CVE-2026-21519, CVE-2026-21525, CVE-2026-21533 | 5075897 |
| Windows Server 2022 | CVE-2026-21510, CVE-2026-21513, CVE-2026-21519, CVE-2026-21525, CVE-2026-21533 | 5075906 |
| Windows Server 2019 | CVE-2026-21510, CVE-2026-21513, CVE-2026-21519, CVE-2026-21525, CVE-2026-21533 | 5075904 |
| Windows Server 2016 | CVE-2026-21510, CVE-2026-21513, CVE-2026-21519, CVE-2026-21525, CVE-2026-21533 | 5075999 |
| Windows Server 2012 R2 | CVE-2026-21510, CVE-2026-21513, CVE-2026-21525, CVE-2026-21533 | 5075970 |
| Windows Server 2012 | CVE-2026-21510, CVE-2026-21513, CVE-2026-21525, CVE-2026-21533 | 5075971 |
| Windows 11 Version 26H1 for x64-based and ARM64-based Systems | CVE-2026-21510, CVE-2026-21513, CVE-2026-21519, CVE-2026-21525, CVE-2026-21533 | 5077179 |
| Windows 11 Version 25H2 for x64-based and ARM64-based Systems | CVE-2026-21510, CVE-2026-21513, CVE-2026-21519, CVE-2026-21525, CVE-2026-21533 | 5077181, 5077212 |
| Windows 11 Version 24H2 for x64-based and ARM64-based Systems | CVE-2026-21510, CVE-2026-21513, CVE-2026-21519, CVE-2026-21525, CVE-2026-21533 | 5077181, 5077212 |
| Windows 11 Version 23H2 for x64-based and ARM64-based Systems | CVE-2026-21510, CVE-2026-21513, CVE-2026-21519, CVE-2026-21525, CVE-2026-21533 | 5075941 |
| Windows 10 Version 22H2 for 32-bit, x64-based, and ARM64-based Systems | CVE-2026-21510, CVE-2026-21513, CVE-2026-21519, CVE-2026-21525, CVE-2026-21533 | 5075912 |
| Windows 10 Version 21H2 for 32-bit, x64-based, and ARM64-based Systems | CVE-2026-21510, CVE-2026-21513, CVE-2026-21519, CVE-2026-21525, CVE-2026-21533 | 5075912 |
| Windows 10 Version 1809 for 32-bit and x64-based Systems | CVE-2026-21510, CVE-2026-21513, CVE-2026-21519, CVE-2026-21525, CVE-2026-21533 | 5075904 |
| Windows 10 Version 1607 for 32-bit and x64-based Systems | CVE-2026-21510, CVE-2026-21513, CVE-2026-21519, CVE-2026-21525, CVE-2026-21533 | 5075999 |
| Microsoft Office LTSC for Mac 2024 and Mac 2021 | CVE-2026-21514 | Release Notes |
| Microsoft Office LTSC 2024 for 32-bit and 64-bit editions | CVE-2026-21509, CVE-2026-21514 | Release Notes |
| Microsoft Office LTSC 2021 for 64-bit editions | CVE-2026-21509, CVE-2026-21514 | Release Notes |
| Microsoft Office 2019 for 32-bit and 64-bit editions | CVE-2026-21509 | Release Notes |
| Microsoft Office 2016 for 32-bit and 64-bit editions | CVE-2026-21509 | 5002713 |
| Microsoft 365 Apps for Enterprise for 32-bit and 64-bit editions | CVE-2026-21509, CVE-2026-21514 | Release Notes |
Please follow your organization’s patching and testing guidelines to minimize potential operational impact.
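The following is an added example, not code from Arctic Wolf or Microsoft: a fleet audit that parses rows copied from the table above and reports, per host, which of the exploited CVEs remain open. The inventory CSV, host names and the KB0000001 placeholder are constructed; treating the update article numbers as KB ids and treating any one listed article as sufficient for a row are assumptions.

```python
import csv
import io

# Rows copied verbatim from the advisory table above (subset of products).
ADVISORY_ROWS = """\
| Windows Server 2025 | CVE-2026-21510, CVE-2026-21513, CVE-2026-21519, CVE-2026-21525, CVE-2026-21533 | 5075899, 5075942 |
| Windows Server 2022 | CVE-2026-21510, CVE-2026-21513, CVE-2026-21519, CVE-2026-21525, CVE-2026-21533 | 5075906 |
| Windows Server 2012 R2 | CVE-2026-21510, CVE-2026-21513, CVE-2026-21525, CVE-2026-21533 | 5075970 |
"""

# Constructed inventory export; hosts and the KB0000001 placeholder are made up.
INVENTORY = """\
host,product,installed_kbs
dc01,Windows Server 2025,KB0000001;KB5075942
fs02,Windows Server 2022,KB0000001
app03,Windows Server 2012 R2,
lab04,Windows Server 2008 R2,KB0000001
"""

def parse_advisory(rows):
    """Map product -> (CVE list, set of 'KB<article>' ids) from pipe-table rows."""
    table = {}
    for line in rows.strip().splitlines():
        product, cves, articles = [c.strip() for c in line.strip().strip("|").split("|")]
        # Assumption: numeric update articles are KB ids.
        kbs = {"KB" + a.strip() for a in articles.split(",") if a.strip().isdigit()}
        table[product] = ([c.strip() for c in cves.split(",")], kbs)
    return table

def audit(inventory_csv, table):
    """Return host -> (status, CVEs still open) for every inventory row."""
    findings = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        entry = table.get(row["product"].strip())
        if entry is None:  # product not listed: needs manual review, not "safe"
            findings[row["host"]] = ("not-in-advisory", [])
            continue
        cves, fix_kbs = entry
        installed = {k.strip().upper() for k in (row["installed_kbs"] or "").split(";") if k.strip()}
        # Assumption: any one listed article satisfies the row.
        status = "fixed" if installed & fix_kbs else "missing-update"
        findings[row["host"]] = (status, [] if status == "fixed" else cves)
    return findings

if __name__ == "__main__":
    for host, (status, cves) in audit(INVENTORY, parse_advisory(ADVISORY_ROWS)).items():
        print(f"{host:6} {status:16} {', '.join(cves)}")
```

Windows cumulative updates supersede earlier ones, so a host flagged `missing-update` may already carry a later rollup; confirm against the OS build level before escalating.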