Welcome back to another Patch Tuesday recap. It’s February, which means Valentine’s Day is in the air. But don’t worry, Microsoft is here to remind us that love is temporary, but Windows updates are forever. Now if they could just remember to test their patches before release, we’d be in great shape. Let’s take a look at what this month has to offer. I’m guessing there will be a severe lack of chocolates and candy hearts.
Severity
Total vulnerabilities patched: 55
Critical patches: 2
Important: 52
Moderate: 1
Low: 0
Vulnerability impact
Remote code execution: 12
Elevation of privilege: 23
Information disclosure: 5
Spoofing: 7
Tampering: 0
Denial of service: 3
Security feature bypass: 5
Availability
Publicly disclosed: 3
Actively exploited: 6
Some highlights (or lowlights)
CVE-2026-21510, CVE-2026-21513, CVE-2026-21514: We’re kicking off our Valentine’s Day Patch Tuesday with a special three-for-one highlight. All three of these are publicly known and actively exploited. They all seem to rely on what I imagine is a similar security feature bypass exploit that is contingent on a user opening a malicious file. The impacted systems are the MSHTML framework, Windows Shell, and Microsoft Word. If you’re keeping track, that’s two months in a row we’ve gotten a three-for-one highlight.
CVE-2026-21531: Next up, we’ve got CVE-2026-21531, a critical remote code execution vulnerability in Azure AI Language Authoring. This one boils down to insecure deserialization, where the service trusts specially crafted data coming in over the network and ends up executing it. There’s no user interaction required and no authentication needed, which is always a fun combo. There’s no confirmed exploitation in the wild yet, but given the severity and attack surface, this is definitely one you’ll want to patch sooner rather than later.
CVE-2026-21519: And finally, we have CVE-2026-21519. This is another one of our vulnerabilities that are actively exploited in the wild. However, the details haven’t been publicly disclosed. What we do know is that this is a type confusion vulnerability that’s impacting Desktop Window Manager (DWM). The attack vector is local and requires only low privileges, but successful exploitation could lead to elevation of privilege. Though, again, this vulnerability is already actively exploited, so get this patched as soon as possible.
Wrapping up
Maybe I’m crazy, but perhaps Microsoft keeps Patch Tuesday on the second Tuesday of each month so we always have an excuse to get out of Valentine’s Day shenanigans. Maybe they are just looking out for sysadmins, and we’ve been taking it for granted all these years. If, however, you’d actually like to experience Valentine’s Day for yourself, PDQ Connect can help you automate your patch deployments so you have plenty of time for assembling IKEA furniture, or pottery throwing, or whatever normal people do on Valentine’s Day.