Cyber: Microsoft Patches 59 Vulnerabilities Including Six Actively...
Microsoft on Tuesday released security updates to address a set of 59 flaws across its software, including six vulnerabilities that it said have been exploited in the wild.
Of the 59 flaws, five are rated Critical, 52 are rated Important, and two are rated Moderate in severity. Twenty-five of the patched vulnerabilities have been classified as privilege escalation, followed by remote code execution (12), spoofing (7), information disclosure (6), security feature bypass (5), denial-of-service (3), and cross-site scripting (1).
It's worth noting that the patches are in addition to three security flaws that Microsoft has addressed in its Edge browser since the release of the January 2026 Patch Tuesday update, including a Moderate vulnerability impacting the Edge browser for Android (CVE-2026-0391, CVSS score: 6.5) that could allow an unauthorized attacker to perform spoofing over a network by taking advantage of a "user interface misrepresentation of critical information."
Topping the list of this month's updates are six vulnerabilities that have been flagged as actively exploited:
Microsoft's own security teams and Google Threat Intelligence Group (GTIG) have been credited with discovering and reporting the first three flaws, which were listed as publicly known at the time of release. There are currently no details on how the vulnerabilities are being exploited, or on whether they were weaponized as part of the same campaign.
"CVE-2026-21513 is a security feature bypass vulnerability in the Microsoft MSHTML Framework, a core component used by Windows and multiple applications to render HTML content," Jack Bicer, director of vulnerability research at Action1, said. "It is caused by a protection mechanism failure that allows attackers to bypass execution prompts when users interact with malicious files. A crafted file can silently bypass Windows security prompts and trigger dangerous actions with a single click."
Satnam Narang, senior staff research engineer at Tenable, said CVE-2026-21513 and CVE-2026-21514 bear a "lot of similarities" to CVE-2026-21510, the main difference being that CVE-2026-21513 can also be exploited using an HTML file, while CVE-2026-21514 can only be exploited using a Microsoft Office file.
As for CVE-2026-21525, it's linked to a zero-day that ACROS Security's 0patch service said it discovered in December 2025 while investigating another related flaw in the same component (CVE-2025-59230).
"These [CVE-2026-21519 and CVE-2026-2153
Source: The Hacker News