On the second Tuesday of each month, Microsoft rolls out its security updates, a practice known as “Patch Tuesday.” This month, the company has addressed a total of 59 vulnerabilities, including six critical zero-day vulnerabilities that attackers are already actively exploiting.
Overview of the Six Zero-Day Vulnerabilities
Here are the details of the six zero-days, which pose the most immediate risk to users.
Windows Shell Security Feature Bypass Vulnerability
CVE-2026-21510 (CVSS score 8.8 out of 10) highlights a security feature bypass within the Windows Shell. This vulnerability allows an attacker to circumvent Windows SmartScreen and similar security prompts, provided they can convince a user to open a malicious link or shortcut file. While the exploitation occurs over the network, it still necessitates user interaction. By successfully tricking the victim into launching the compromised shortcut, the attacker can evade typical security dialogs, facilitating the delivery and execution of further malicious payloads without raising suspicion.
MSHTML Framework Security Feature Bypass Vulnerability
CVE-2026-21513 (CVSS score 8.8 out of 10) concerns the MSHTML Framework, utilized by Internet Explorer’s Trident rendering engine. This vulnerability is classified as a protection mechanism failure that allows for a security feature bypass over the network. Attackers can exploit this flaw by persuading victims to open a malicious HTML file or crafted shortcut, which, when executed, can weaken or remove normal browser and Office sandbox protections, potentially leading to code execution or phishing attempts.
Microsoft Word Security Feature Bypass Vulnerability
CVE-2026-21514 (CVSS score 5.5 out of 10) targets Microsoft Word, where untrusted inputs can influence security decisions, resulting in a local security feature bypass. To exploit this vulnerability, an attacker must convince a user to open a malicious Word document. If successful, the flawed processing of untrusted input could allow the execution of content that would typically be blocked, thereby compromising the integrity of the system.
Desktop Window Manager Elevation of Privilege Vulnerability
CVE-2026-21519 (CVSS score 7.8 out of 10) presents a local elevation-of-privilege vulnerability within the Windows Desktop Window Manager, caused by type confusion. This flaw allows a locally authenticated attacker with low privileges to gain higher privileges without requiring user interaction. By exploiting this vulnerability, an attacker could potentially achieve SYSTEM privileges, significantly compromising the system’s security.
Windows Remote Access Connection Manager Denial of Service Vulnerability
CVE-2026-21525 (CVSS score 6.2 out of 10) describes a denial-of-service vulnerability in the Windows Remote Access Connection Manager service (RasMan). An unauthenticated local attacker can exploit this flaw with relatively low complexity, leading to a significant impact on service availability without directly compromising confidentiality or integrity. This could result in crashing the service or the system itself, although it does not allow for privilege escalation or code execution.
Windows Remote Desktop Services Elevation of Privilege Vulnerability
CVE-2026-21533 (CVSS score 7.8 out of 10) involves an elevation-of-privilege vulnerability in Windows Remote Desktop Services, stemming from improper privilege management. A local authenticated attacker can exploit this flaw to escalate privileges to SYSTEM without needing user interaction. This exploitation typically involves executing attacker-controlled code on a system equipped with Remote Desktop Services, thereby compromising the system’s confidentiality, integrity, and availability.
Azure Vulnerabilities
Additionally, Azure users should be aware of two critical vulnerabilities with CVSS ratings of 9.8, which warrant immediate attention.
How to Apply Fixes and Check You’re Protected
To ensure your Windows PC remains secure, follow these steps to apply the latest updates:
- Open Settings
  - Click the Start button (the Windows logo at the bottom left of your screen).
  - Select Settings (represented by a gear icon).
- Go to Windows Update
  - In the Settings window, select Windows Update (usually found at the bottom of the left menu).
- Check for updates
  - Click the Check for updates button.
  - Windows will search for the latest Patch Tuesday updates.
  - If you had already enabled automatic updates, the updates may already be listed under Update history.
- Download and install
  - If updates are found, they will begin downloading automatically. Once the download completes, you’ll see a button labeled Install or Restart now.
  - Click Install if necessary and follow any prompts. Your computer will typically require a restart to finalize the update. If prompted, click Restart now.
- Double-check you’re up to date
  - After restarting, return to Windows Update and check again. If it indicates You’re up to date, you are all set.
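For administrators who would rather script the “Check for updates” and “Double-check you’re up to date” steps than click through Settings, here is an added PowerShell example (not from the original article or from Microsoft) that lists the most recently installed updates, asks the Windows Update Agent whether anything is still pending, and checks for a pending restart. It assumes an elevated PowerShell session on the Windows machine being checked.

```powershell
# Added example: scripted equivalent of the Settings > Windows Update checks above.
# Assumes an elevated PowerShell session on Windows 10/11 with the Windows Update
# service reachable.

# 1. Show the most recently installed updates (Get-HotFix reads the same
#    Win32_QuickFixEngineering data that Settings lists under "Update history").
Write-Host "Most recently installed updates:"
Get-HotFix |
    Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 5 HotFixID, Description, InstalledOn |
    Format-Table -AutoSize

# 2. Ask the Windows Update Agent (the component behind the Settings page)
#    whether any applicable, non-hidden software updates are still not installed.
$session  = New-Object -ComObject 'Microsoft.Update.Session'
$searcher = $session.CreateUpdateSearcher()
$result   = $searcher.Search("IsInstalled=0 and Type='Software' and IsHidden=0")

if ($result.Updates.Count -eq 0) {
    Write-Host "No pending software updates: this machine reports it is up to date."
} else {
    Write-Host ("{0} update(s) still pending:" -f $result.Updates.Count)
    foreach ($update in $result.Updates) {
        # KBArticleIDs is a collection; join it so updates with several KBs print cleanly.
        $kbs = ($update.KBArticleIDs | ForEach-Object { "KB$_" }) -join ', '
        # MsrcSeverity is populated only for security updates (e.g. Critical, Important).
        Write-Host (" - {0} [{1}] {2}" -f $kbs, $update.MsrcSeverity, $update.Title)
    }
    Write-Host "Open Settings > Windows Update, install the pending updates, then restart."
}

# 3. A pending reboot means the install step is not finished yet; this key is the
#    same signal behind the "Restart now" prompt in the Settings app.
$rebootKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
if (Test-Path $rebootKey) {
    Write-Host "A restart is required to finish applying the installed updates."
}
```

Run it again after the restart; an empty pending list together with no RebootRequired key is the scripted counterpart of the “You’re up to date” message.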
We don’t just report on threats—we remove them. Cybersecurity risks should never extend beyond a headline. Protect your devices by downloading Malwarebytes today.