February 2026 Security Updates Security Update secure@microsoft.com The Microsoft Security Response Center (MSRC) identifies, monitors, resolves, and responds to security incidents and Microsoft software security vulnerabilities. For more information, see http://www.microsoft.com/security/msrc. 2026-Feb 2026-Feb Final 1.0 87 2026-04-10T07:00:00 February 2026 Security Updates 2026-02-10T08:00:00 2026-04-10T07:00:00 <h2 id="this-release-consists-of-the-following-61-microsoft-cves">This release consists of the following 61 Microsoft CVEs:</h2> <table> <thead> <tr> <th>Tag</th> <th>CVE</th> <th>Base Score</th> <th>CVSS Vector</th> <th>Exploitability</th> <th>FAQs?</th> <th>Workarounds?</th> <th>Mitigations?</th> </tr> </thead> <tbody> <tr> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-0102">CVE-2026-0102</a></td> <td>3.1</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Edge for Android</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-0391">CVE-2026-0391</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Notepad App</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20841">CVE-2026-20841</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows GDI+</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20846">CVE-2026-20846</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>.NET</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21218">CVE-2026-21218</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21222">CVE-2026-21222</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Local</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21228">CVE-2026-21228</a></td> <td>8.1</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Power BI</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21229">CVE-2026-21229</a></td> <td>8.0</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21231">CVE-2026-21231</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows HTTP.sys</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21232">CVE-2026-21232</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Connected Devices Platform Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21234">CVE-2026-21234</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Graphics Component</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21235">CVE-2026-21235</a></td> <td>7.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Ancillary Function Driver for WinSock</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21236">CVE-2026-21236</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Subsystem for Linux</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21237">CVE-2026-21237</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Ancillary Function Driver for WinSock</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21238">CVE-2026-21238</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21239">CVE-2026-21239</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows HTTP.sys</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21240">CVE-2026-21240</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Ancillary Function Driver for WinSock</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21241">CVE-2026-21241</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Subsystem for Linux</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21242">CVE-2026-21242</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows LDAP - Lightweight Directory Access Protocol</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21243">CVE-2026-21243</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Role: Windows Hyper-V</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21244">CVE-2026-21244</a></td> <td>7.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21245">CVE-2026-21245</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Graphics Component</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21246">CVE-2026-21246</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Role: Windows Hyper-V</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21247">CVE-2026-21247</a></td> <td>7.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Role: Windows Hyper-V</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21248">CVE-2026-21248</a></td> <td>7.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows NTLM</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21249">CVE-2026-21249</a></td> <td>3.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows HTTP.sys</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21250">CVE-2026-21250</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Cluster Client Failover</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21251">CVE-2026-21251</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Mailslot File System</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21253">CVE-2026-21253</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Role: Windows Hyper-V</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21255">CVE-2026-21255</a></td> <td>8.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>GitHub Copilot and Visual Studio</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21256">CVE-2026-21256</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>GitHub Copilot and Visual Studio</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21257">CVE-2026-21257</a></td> <td>8.0</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21258">CVE-2026-21258</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21259">CVE-2026-21259</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Outlook</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21260">CVE-2026-21260</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21261">CVE-2026-21261</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Storage</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21508">CVE-2026-21508</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Shell</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21510">CVE-2026-21510</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C</td> <td>Exploitation Detected</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Outlook</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21511">CVE-2026-21511</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure DevOps Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21512">CVE-2026-21512</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>MSHTML Framework</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21513">CVE-2026-21513</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Detected</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Word</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21514">CVE-2026-21514</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C</td> <td>Exploitation Detected</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Github Copilot</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21516">CVE-2026-21516</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows App for Mac</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21517">CVE-2026-21517</a></td> <td>4.7</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>GitHub Copilot and Visual Studio Code</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21518">CVE-2026-21518</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Desktop Window Manager</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21519">CVE-2026-21519</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Detected</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Compute Gallery</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21522">CVE-2026-21522</a></td> <td>6.7</td> <td>CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>GitHub Copilot and Visual Studio</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21523">CVE-2026-21523</a></td> <td>8.0</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Remote Access Connection Manager</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21525">CVE-2026-21525</a></td> <td>6.2</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Detected</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Exchange Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21527">CVE-2026-21527</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure IoT Explorer</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21528">CVE-2026-21528</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure HDInsights</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21529">CVE-2026-21529</a></td> <td>5.7</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure SDK</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21531">CVE-2026-21531</a></td> <td>9.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Function</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21532">CVE-2026-21532</a></td> <td>8.2</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C</td> <td>N/A</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Remote Desktop</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21533">CVE-2026-21533</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C</td> <td>Exploitation Detected</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Teams</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21535">CVE-2026-21535</a></td> <td>8.2</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Defender for Linux</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21537">CVE-2026-21537</a></td> <td>8.8</td> <td>CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Compute Gallery</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-23655">CVE-2026-23655</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Front Door (AFD)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-24300">CVE-2026-24300</a></td> <td>9.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>N/A</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Arc</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-24302">CVE-2026-24302</a></td> <td>8.6</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>N/A</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Admin Center</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-26119">CVE-2026-26119</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> </tbody> </table> <h2 id="we-are-republishing-19-non-microsoft-cves">We are republishing 19 non-Microsoft CVEs:</h2> <table> <thead> <tr> <th>CNA</th> <th>Tag</th> <th>CVE</th> <th>FAQs?</th> <th>Workarounds?</th> <th>Mitigations?</th> </tr> </thead> <tbody> <tr> <td>Red Hat, Inc.</td> <td>Windows Win32K - GRFX</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-2804">CVE-2023-2804</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-1861">CVE-2026-1861</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-1862">CVE-2026-1862</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-2313">CVE-2026-2313</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-2314">CVE-2026-2314</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-2316">CVE-2026-2316</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-2317">CVE-2026-2317</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-2318">CVE-2026-2318</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-2319">CVE-2026-2319</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-2320">CVE-2026-2320</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-2322">CVE-2026-2322</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-2323">CVE-2026-2323</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-2441">CVE-2026-2441</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-2648">CVE-2026-2648</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-2649">CVE-2026-2649</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-2650">CVE-2026-2650</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-3061">CVE-2026-3061</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-3062">CVE-2026-3062</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-3063">CVE-2026-3063</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> </tbody> </table> <h2 id="security-update-guide-blog-posts">Security Update Guide Blog Posts</h2> <table> <thead> <tr> <th>Date</th> <th>Blog Post</th> </tr> </thead> <tbody> <tr> <td>October 31, 2025</td> <td><a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/introducing-new-features-improved-security-experience">You asked, we delivered: Introducing new features for an improved security experience</a></td> </tr> <tr> <td>October 28, 2025</td> <td><a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/understanding-cve-2025-55315">Understanding CVE-2025-55315: What CISOs, security engineers, and sysadmins should know</a></td> </tr> <tr> <td>October 22, 2025</td> <td><a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">Toward greater transparency: Introducing machine-readable Vulnerability Exploitability Xchange (VEX) for Azure Linux and beyond</a></td> </tr> <tr> <td>November 12, 2024</td> <td><a href="https://www.microsoft.com/en-us/msrc/blog/2024/11/toward-greater-transparency-publishing-machine-readable-csaf-files">Toward greater transparency: Publishing machine-readable CSAF files</a></td> </tr> <tr> <td>June 27, 2024</td> <td><a href="https://msrc.microsoft.com/blog/2024/06/toward-greater-transparency-unveiling-cloud-service-cves1/">Toward greater transparency: Unveiling Cloud Service CVEs</a></td> </tr> <tr> <td>April 9, 2024</td> <td><a href="https://www.microsoft.com/en-us/msrc/blog/2024/04/toward-greater-transparency-adopting-the-cwe-standard-for-microsoft-cves">Toward greater transparency: Security Update Guide now shares CWEs for CVEs</a></td> </tr> <tr> <td>January 6, 2023</td> <td><a href="https://www.microsoft.com/en-us/msrc/blog/2023/01/publishing-cbl-mariner-cves-on-the-security-update-guide-cvrf-api/">Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API</a></td> </tr> <tr> <td>January 11, 2022</td> <td><a href="https://aka.ms/SUGNotificationProfile">Coming Soon: New Security Update Guide Notification System</a></td> </tr> <tr> <td>February 9, 2021</td> <td><a href="https://msrc-blog.microsoft.com/2021/02/09/continuing-to-listen-good-news-about-the-security-update-guide-api/">Continuing to Listen: Good News about the Security Update Guide API</a></td> </tr> <tr> <td>January 13, 2021</td> <td><a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a></td> </tr> <tr> <td>December 8, 2020</td> <td><a href="https://msrc-blog.microsoft.com/2020/12/08/security-update-guide-lets-keep-the-conversation-going/">Security Update Guide: Let’s keep the conversation going</a></td> </tr> <tr> <td>November 9, 2020</td> <td><a href="https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/">Vulnerability Descriptions in the New Version of the Security Update Guide</a></td> </tr> </tbody> </table> <h2 id="relevant-resources">Relevant Resources</h2> <ul> <li>The new Hotpatching feature is now generally available. Please see <a href="https://docs.microsoft.com/en-us/azure/automanage/automanage-hotpatch?WT.mc_id=modinfra-18529-thmaure">Hotpatching feature for Windows Server Azure Edition virtual machines (VMs)</a> for more information.</li> <li>Windows 10 and Windows 11 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10 and Windows 11, in addition to non-security updates. The updates are available via the <a href="https://www.catalog.update.microsoft.com/Home.aspx">Microsoft Update Catalog</a>. For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see <a href="https://docs.microsoft.com/en-us/lifecycle/faq/windows">Windows Lifecycle Facts Sheet</a>.</li> <li>Microsoft is improving Windows Release Notes. For more information, please see <a href="https://techcommunity.microsoft.com/t5/windows-it-pro-blog/what-s-next-for-windows-release-notes/ba-p/1754399">What's next for Windows release notes</a>.</li> <li>A list of the latest servicing stack updates for each operating system can be found in <a href="https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001">ADV990001</a>. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.</li> <li>In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.</li> <li>Customers running Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See <a href="https://support.microsoft.com/en-us/topic/procedure-to-continue-receiving-security-updates-after-extended-support-ends-on-january-14-2020-48c59204-fe67-3f42-84fc-c3c3145ff28e">4522133</a> for more information.</li> </ul> <h2 id="known-issues">Known Issues</h2> <table> <thead> <tr> <th>KB Article</th> <th>Product</th> </tr> </thead> <tbody> <tr> <td><a href="https://support.microsoft.com/help/5075942">5075942</a></td> <td>Windows Server 2025 Hotpatch</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5075897">5075897</a></td> <td>Windows Server 23H2</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5075899">5075899</a></td> <td>Windows Server 2025</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5075906">5075906</a></td> <td>Windows Server 2022</td> </tr> </tbody> </table> The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Windows Server 2022 Windows Server 2022 (Server Core installation) Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows Server 2025 (Server Core installation) Windows 11 Version 25H2 for ARM64-based Systems Windows 11 Version 25H2 for x64-based Systems Windows 11 Version 23H2 for ARM64-based Systems Windows 11 Version 23H2 for x64-based Systems Windows Server 2022, 23H2 Edition (Server Core installation) Windows 11 Version 24H2 for ARM64-based Systems Windows 11 Version 24H2 for x64-based Systems Windows Server 2025 Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 Windows Server 2016 (Server Core installation) Windows 11 Version 26H1 for ARM64-based Systems Windows 11 version 26H1 for x64-based Systems Windows App for Mac Windows Admin Center Windows 10 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for 32-bit Systems Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Microsoft Exchange Server 2016 Cumulative Update 23 Microsoft Exchange Server 2019 Cumulative Update 15 Microsoft Exchange Server 2019 Cumulative Update 14 Azure DevOps Server 2022 Microsoft ACI Confidential Containers Azure Front Door Azure Functions Azure IoT Explorer Azure AI Language Authoring Azure HDInsight Azure Local Azure ARC Office Online Server Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft 365 Apps for Enterprise for 64-bit Systems Microsoft Office LTSC 2021 for 64-bit editions Microsoft Office LTSC 2021 for 32-bit editions Microsoft Office LTSC 2024 for 32-bit editions Microsoft Office LTSC 2024 for 64-bit editions Microsoft Excel 2016 (32-bit edition) Microsoft Excel 2016 (64-bit edition) Microsoft Office LTSC for Mac 2021 Microsoft Office LTSC for Mac 2024 Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Server 2019 Microsoft SharePoint Server Subscription Edition Microsoft Outlook 2016 (32-bit edition) Microsoft Outlook 2016 (64-bit edition) Microsoft Teams Microsoft Word 2016 (32-bit edition) Microsoft Word 2016 (64-bit edition) Microsoft Office for Android .NET 10.0 installed on Mac OS .NET 10.0 installed on Windows .NET 8.0 installed on Linux .NET 8.0 installed on Windows .NET 10.0 installed on Linux .NET 8.0 installed on Mac OS .NET 9.0 installed on Mac OS .NET 9.0 installed on Linux .NET 9.0 installed on Windows Microsoft Visual Studio Code CoPilot Chat Extension Visual Studio Code Microsoft Visual Studio 2022 version 17.14 Microsoft Visual Studio 2026 version 18.3 Microsoft Edge (Chromium-based) Power BI Report Server Microsoft Exchange Server Subscription Edition RTM Microsoft Defender for Endpoint for Linux GitHub Copilot Plugin for JetBrains IDEs azl3 kernel 6.6.121.1-1 on Azure Linux 3.0 azl3 qemu 8.2.0-27 on Azure Linux 3.0 cbl2 qemu 6.2.0-26 on CBL Mariner 2.0 cbl2 kata-containers 3.2.0.azl2-7 on CBL Mariner 2.0 cbl2 kata-containers-cc 3.2.0.azl2-8 on CBL Mariner 2.0 cbl2 reaper 3.1.1-22 on CBL Mariner 2.0 azl3 valkey 8.0.6-1 on Azure Linux 3.0 cbl2 telegraf 1.29.4-18 on CBL Mariner 2.0 azl3 telegraf 1.31.0-12 on Azure Linux 3.0 azl3 python-virtualenv 20.36.1-1 on Azure Linux 3.0 azl3 tar 1.35-2 on Azure Linux 3.0 cbl2 tar 1.34-3 on CBL Mariner 2.0 azl3 tensorflow 2.16.1-10 on Azure Linux 3.0 cbl2 tensorflow 2.11.1-2 on CBL Mariner 2.0 azl3 cloud-hypervisor 48.0.246-1 on Azure Linux 3.0 cbl2 cloud-hypervisor-cvm 38.0.72.2-5 on CBL Mariner 2.0 azl3 libtiff 4.6.0-11 on Azure Linux 3.0 cbl2 libtiff 4.6.0-11 on CBL Mariner 2.0 azl3 doxygen 1.9.8-2 on Azure Linux 3.0 azl3 zlib 1.3.1-1 on Azure Linux 3.0 Windows Notepad Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Microsoft Excel 2016 (32-bit edition) Microsoft Excel 2016 (64-bit edition) Microsoft Word 2016 (32-bit edition) Microsoft Word 2016 (64-bit edition) Microsoft Outlook 2016 (32-bit edition) Microsoft Outlook 2016 (64-bit edition) Windows Server 2016 Office Online Server Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 (Server Core installation) Microsoft SharePoint Enterprise Server 2016 Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft SharePoint Server 2019 Visual Studio Code Windows Admin Center Microsoft Edge (Chromium-based) Microsoft Teams Power BI Report Server Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft 365 Apps for Enterprise for 64-bit Systems Azure Functions Windows Server 2022 Windows Server 2022 (Server Core installation) Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Microsoft Office LTSC for Mac 2021 Microsoft Office LTSC 2021 for 64-bit editions Microsoft Office LTSC 2021 for 32-bit editions Microsoft SharePoint Server Subscription Edition Azure Front Door Azure HDInsight Microsoft Defender for Endpoint for Linux Microsoft Exchange Server 2016 Cumulative Update 23 Azure ARC Windows 10 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for 32-bit Systems Azure DevOps Server 2022 Microsoft Office for Android Windows 11 Version 23H2 for ARM64-based Systems Windows 11 Version 23H2 for x64-based Systems Windows Server 2022, 23H2 Edition (Server Core installation) Microsoft Exchange Server 2019 Cumulative Update 14 Windows 11 Version 24H2 for ARM64-based Systems Windows 11 Version 24H2 for x64-based Systems .NET 8.0 installed on Windows .NET 8.0 installed on Linux .NET 8.0 installed on Mac OS Microsoft Office LTSC 2024 for 32-bit editions Microsoft Office LTSC 2024 for 64-bit editions .NET 9.0 installed on Linux .NET 9.0 installed on Mac OS .NET 9.0 installed on Windows Windows Server 2025 Windows Server 2025 (Server Core installation) Microsoft Office LTSC for Mac 2024 Microsoft Exchange Server 2019 Cumulative Update 15 Microsoft Visual Studio 2022 version 17.14 Microsoft Visual Studio Code CoPilot Chat Extension Microsoft Exchange Server Subscription Edition RTM azl3 zlib 1.3.1-1 on Azure Linux 3.0 azl3 doxygen 1.9.8-2 on Azure Linux 3.0 cbl2 tensorflow 2.11.1-2 on CBL Mariner 2.0 cbl2 cloud-hypervisor-cvm 38.0.72.2-5 on CBL Mariner 2.0 cbl2 tar 1.34-3 on CBL Mariner 2.0 azl3 tar 1.35-2 on Azure Linux 3.0 cbl2 kata-containers 3.2.0.azl2-7 on CBL Mariner 2.0 cbl2 kata-containers-cc 3.2.0.azl2-8 on CBL Mariner 2.0 Windows 11 Version 25H2 for ARM64-based Systems Windows 11 Version 25H2 for x64-based Systems Microsoft ACI Confidential Containers GitHub Copilot Plugin for JetBrains IDEs cbl2 qemu 6.2.0-26 on CBL Mariner 2.0 cbl2 libtiff 4.6.0-11 on CBL Mariner 2.0 azl3 libtiff 4.6.0-11 on Azure Linux 3.0 Windows Notepad cbl2 reaper 3.1.1-22 on CBL Mariner 2.0 cbl2 telegraf 1.29.4-18 on CBL Mariner 2.0 azl3 telegraf 1.31.0-12 on Azure Linux 3.0 azl3 tensorflow 2.16.1-10 on Azure Linux 3.0 .NET 10.0 installed on Windows .NET 10.0 installed on Mac OS .NET 10.0 installed on Linux Microsoft Visual Studio 2026 version 18.3 Azure Local Azure AI Language Authoring Windows App for Mac Azure IoT Explorer Windows 11 version 26H1 for x64-based Systems Windows 11 Version 26H1 for ARM64-based Systems azl3 kernel 6.6.121.1-1 on Azure Linux 3.0 azl3 qemu 8.2.0-27 on Azure Linux 3.0 azl3 python-virtualenv 20.36.1-1 on Azure Linux 3.0 azl3 cloud-hypervisor 48.0.246-1 on Azure Linux 3.0 azl3 valkey 8.0.6-1 on Azure Linux 3.0 Desktop Window Manager Elevation of Privilege Vulnerability <p>Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Desktop Window Manager Microsoft Yes CVE-2026-21519 Access of Resource Using Incompatible Type ('Type Confusion') 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12244 12389 12390 12436 10852 10853 10816 10855 20854 20853 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 20854 Elevation of Privilege 20853 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10852 Important 10853 Important 10816 Important 10855 Important 20854 Important 20853 Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 5075904 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075904 11568 11569 11571 11572 Yes Security Update 10.0.17763.8389 https://support.microsoft.com/help/5075904 11568 11569 11571 11572 5075904 5075906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075906 5073457 11923 11924 Yes Security Update 10.0.20348.4773 https://support.microsoft.com/help/5075906 11923 11924 5075906 5075906 https://support.microsoft.com/help/5075906 11923 11924 5075943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075943 11923 11924 Yes Security Hotpatch Update 10.0.20348.4711 https://support.microsoft.com/help/5075943 11923 11924 5075943 5075943 https://support.microsoft.com/help/5075943 11923 11924 5075912 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075912 5073724 11929 11930 11931 Yes Security Update 10.0.19044.6937 https://support.microsoft.com/help/5075912 11929 11930 11931 5075912 5075912 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075912 5073724 12097 12098 12099 Yes Security Update 10.0.19045.6937 https://support.microsoft.com/help/5075912 12097 12098 12099 5075912 5075899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075899 5074109 12437 12436 Yes Security Update 10.0.26100.32370 https://support.microsoft.com/help/5075899 12437 12436 5075899 5075899 https://support.microsoft.com/help/5075899 12437 12436 5075942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075942 12437 12436 Yes Security Hotpatch Update 10.0.26100.32313 https://support.microsoft.com/help/5075942 12437 12436 5075942 5075942 https://support.microsoft.com/help/5075942 12437 12436 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5074109 20437 20438 Yes Security Update 10.0.26200.7840 https://support.microsoft.com/help/5077181 20437 20438 5077181 5077212 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077212 20437 20438 Yes Security Hotpatch Update 10.0.26200.7781 https://support.microsoft.com/help/5077212 20437 20438 5077212 5075941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075941 5073455 12242 12243 Yes Security Update 10.0.22631.6649 https://support.microsoft.com/help/5075941 12242 12243 5075941 5075897 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075897 5073450 12244 Yes Security Update 10.0.25398.2149 https://support.microsoft.com/help/5075897 12244 5075897 5075897 https://support.microsoft.com/help/5075897 12244 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5073379 12389 Yes Security Update 10.0.26100.7840 https://support.microsoft.com/help/5077181 12389 5077181 5077212 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077212 12389 12390 Yes Security Hotpatch Update 10.0.26100.7781 https://support.microsoft.com/help/5077212 12389 12390 5077212 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5074109 12390 Yes Security Update 10.0.26100.7840 https://support.microsoft.com/help/5077181 12390 5077181 5075999 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075999 10852 10853 10816 10855 Yes Security Update 10.0.14393.8868 https://support.microsoft.com/help/5075999 10852 10853 10816 10855 5075999 5077179 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077179 20854 20853 Yes Security Update 10.0.28000.1575 https://support.microsoft.com/help/5077179 20854 20853 5077179 Microsoft Threat Intelligence Center (MSTIC) & Microsoft Security Response Center (MSRC) Microsoft Threat Intelligence Center (MSTIC) & Microsoft Security Response Center (MSRC) 1.0 2026-02-10T08:00:00 <p>Information published.</p> Windows App for Mac Installer Elevation of Privilege Vulnerability <p>Improper link resolution before file access ('link following') in Windows App for Mac allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to carefully time their actions to exploit the timing differences in the execution of specific operations.</p> Windows App for Mac Microsoft Yes CVE-2026-21517 Improper Link Resolution Before File Access ('Link Following') 20847 Elevation of Privilege 20847 Important 20847 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 20847 20847 Maybe Security Update 11.3.2 https://go.microsoft.com/fwlink/?linkid=868963 20847 <a href="https://x.com/johnwoodman15">John Woodman</a> 1.0 2026-02-10T08:00:00 <p>Information published.</p> 1.1 2026-02-13T08:00:00 <p>Download links fixed</p> Azure DevOps Server Cross-Site Scripting Vulnerability <p>Server-side request forgery (ssrf) in Azure DevOps Server allows an authorized attacker to perform spoofing over a network.</p> Azure DevOps Server Microsoft Yes CVE-2026-21512 Server-Side Request Forgery (SSRF) 12149 Spoofing 12149 Important 12149 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12149 Release Notes https://aka.ms/devops2022.2patch8 12149 No Security Update 20260204.3 https://learn.microsoft.com/en-us/azure/devops/server/release-notes/azuredevops2022u2?view=azure-devops 12149 Release Notes f7d8c52bec79e42795cf15888b85cbad Ludvig Pedersen 1.0 2026-02-10T08:00:00 <p>Information published.</p> Microsoft Excel Elevation of Privilege Vulnerability <p>Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office Excel Microsoft Yes CVE-2026-21259 Heap-based Buffer Overflow 10836 11573 11574 11762 11763 11952 11953 12420 12421 10739 10740 Elevation of Privilege 10836 Elevation of Privilege 11573 Elevation of Privilege 11574 Elevation of Privilege 11762 Elevation of Privilege 11763 Elevation of Privilege 11952 Elevation of Privilege 11953 Elevation of Privilege 12420 Elevation of Privilege 12421 Elevation of Privilege 10739 Elevation of Privilege 10740 Important 10836 Important 11573 Important 11574 Important 11762 Important 11763 Important 11952 Important 11953 Important 12420 Important 12421 Important 10739 Important 10740 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10836 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10739 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10740 5002835 https://www.microsoft.com/en-us/download/details.aspx?id=108551 5002824 10836 Maybe Security Update 16.0.10417.20097 https://support.microsoft.com/help/5002835 10836 5002835 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run 5002837 https://www.microsoft.com/en-us/download/details.aspx?id=108555 5002831 10739 10740 Maybe Security Update 16.0.5539.1002 https://support.microsoft.com/help/5002837 10739 10740 5002837 <a href="https://twitter.com/jq0904">Quan Jin</a> with DBAPPSecurity 1.0 2026-02-10T08:00:00 <p>Information published.</p> Microsoft Excel Information Disclosure Vulnerability <p>Improper input validation in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office Excel Microsoft Yes CVE-2026-21258 Improper Input Validation Out-of-bounds Read 10836 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10739 10740 Information Disclosure 10836 Information Disclosure 11573 Information Disclosure 11574 Information Disclosure 11762 Information Disclosure 11763 Information Disclosure 11951 Information Disclosure 11952 Information Disclosure 11953 Information Disclosure 12420 Information Disclosure 12421 Information Disclosure 12440 Information Disclosure 10739 Information Disclosure 10740 Important 10836 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 10739 Important 10740 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10836 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11573 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11574 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11762 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11763 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11951 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11952 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11953 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12420 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12421 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12440 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10739 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10740 5002835 https://www.microsoft.com/en-us/download/details.aspx?id=108551 5002824 10836 Maybe Security Update 16.0.10417.20097 https://support.microsoft.com/help/5002835 10836 5002835 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Maybe Security Update 16.106.26020821 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes 5002837 https://www.microsoft.com/en-us/download/details.aspx?id=108555 5002831 10739 10740 Maybe Security Update 16.0.5539.1002 https://support.microsoft.com/help/5002837 10739 10740 5002837 <a href="https://www.linkedin.com/in/boolgombear/">Minjea Park</a> 1.0 2026-02-10T08:00:00 <p>Information published.</p> Microsoft Outlook Spoofing Vulnerability <p>Exposure of sensitive information to an unauthorized actor in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.</p> <p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p> <p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>Yes, the Preview Pane is an attack vector.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this spoofing vulnerability by using a specially crafted email to trigger an outbound NTLM authentication attempt to an attacker‑controlled server, resulting in credential disclosure.</p> <p><strong>Why isn’t there a security update for Outlook if Outlook is impacted?</strong></p> <p>Microsoft Outlook may be involved in certain attack scenarios; however, the security update applies to Microsoft Word, which addresses the vulnerability. Installing the latest security update for Microsoft Word fully mitigates the vulnerability, including scenarios in which Outlook is used. There is no separate update required for Microsoft Outlook.</p> Microsoft Office Outlook Microsoft Yes CVE-2026-21260 Exposure of Sensitive Information to an Unauthorized Actor 10950 11585 11573 11574 11762 11763 11952 11953 11961 12420 12421 10765 10766 Spoofing 10950 Spoofing 11585 Spoofing 11573 Spoofing 11574 Spoofing 11762 Spoofing 11763 Spoofing 11952 Spoofing 11953 Spoofing 11961 Spoofing 12420 Spoofing 12421 Spoofing 10765 Spoofing 10766 Important 10950 Important 11585 Important 11573 Important 11574 Important 11762 Important 11763 Important 11952 Important 11953 Important 11961 Important 12420 Important 12421 Important 10765 Important 10766 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10950 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11585 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11573 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11574 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11762 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11763 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11952 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11953 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11961 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12420 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12421 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10765 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10766 5002841 https://www.microsoft.com/en-us/download/details.aspx?id=108550 5002828 10950 Maybe Security Update 16.0.5539.1002 https://support.microsoft.com/help/5002841 10950 5002841 5002840 https://www.microsoft.com/en-us/download/details.aspx?id=108553 5002827 10950 Maybe Security Update 16.0.5539.1002 https://support.microsoft.com/help/5002840 10950 5002840 5002834 https://www.microsoft.com/en-us/download/details.aspx?id=108549 5002825 11585 Maybe Security Update 16.0.10417.20097 https://support.microsoft.com/help/5002834 11585 5002834 5002836 https://www.microsoft.com/en-us/download/details.aspx?id=108552 5002823 11585 Maybe Security Update 16.0.10417.20097 https://support.microsoft.com/help/5002836 11585 5002836 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run 5002833 https://www.microsoft.com/en-us/download/details.aspx?id=108554 5002822 11961 Maybe Security Update 16.0.19127.20518 https://support.microsoft.com/help/5002833 11961 5002833 5002839 https://www.microsoft.com/en-us/download/details.aspx?id=108548 5002829 10765 10766 Maybe Security Update 16.0.5539.1002 https://support.microsoft.com/help/5002839 10765 10766 5002839 <a href="https://erpaciocco.github.io/">ErPaciocco</a> 1.0 2026-02-10T08:00:00 <p>Information published.</p> Windows Hyper-V Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?</strong></p> <p>The file must be stored in a location that allows an attacker write access, enabling the file to be corrupted. An attacker must send a user a crafted file and convince them to load it.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> Role: Windows Hyper-V Microsoft Yes CVE-2026-21248 Heap-based Buffer Overflow 11569 11571 11572 11923 11924 11931 12097 12437 20437 20438 12242 12243 12244 12389 12390 12436 10853 10816 10855 20854 20853 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11931 Remote Code Execution 12097 Remote Code Execution 12437 Remote Code Execution 20437 Remote Code Execution 20438 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 20854 Remote Code Execution 20853 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11931 Important 12097 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10853 Important 10816 Important 10855 Important 20854 Important 20853 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 5075904 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075904 11569 11571 11572 Yes Security Update 10.0.17763.8389 https://support.microsoft.com/help/5075904 11569 11571 11572 5075904 5075906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075906 5073457 11923 11924 Yes Security Update 10.0.20348.4773 https://support.microsoft.com/help/5075906 11923 11924 5075906 5075906 https://support.microsoft.com/help/5075906 11923 11924 5075943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075943 11923 11924 Yes Security Hotpatch Update 10.0.20348.4711 https://support.microsoft.com/help/5075943 11923 11924 5075943 5075943 https://support.microsoft.com/help/5075943 11923 11924 5075912 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075912 5073724 11931 Yes Security Update 10.0.19044.6937 https://support.microsoft.com/help/5075912 11931 5075912 5075912 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075912 5073724 12097 Yes Security Update 10.0.19045.6937 https://support.microsoft.com/help/5075912 12097 5075912 5075899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075899 5074109 12437 12436 Yes Security Update 10.0.26100.32370 https://support.microsoft.com/help/5075899 12437 12436 5075899 5075899 https://support.microsoft.com/help/5075899 12437 12436 5075942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075942 12437 12436 Yes Security Hotpatch Update 10.0.26100.32313 https://support.microsoft.com/help/5075942 12437 12436 5075942 5075942 https://support.microsoft.com/help/5075942 12437 12436 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5074109 20437 20438 Yes Security Update 10.0.26200.7840 https://support.microsoft.com/help/5077181 20437 20438 5077181 5077212 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077212 20437 20438 Yes Security Hotpatch Update 10.0.26200.7781 https://support.microsoft.com/help/5077212 20437 20438 5077212 5075941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075941 5073455 12242 12243 Yes Security Update 10.0.22631.6649 https://support.microsoft.com/help/5075941 12242 12243 5075941 5075897 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075897 5073450 12244 Yes Security Update 10.0.25398.2149 https://support.microsoft.com/help/5075897 12244 5075897 5075897 https://support.microsoft.com/help/5075897 12244 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5073379 12389 Yes Security Update 10.0.26100.7840 https://support.microsoft.com/help/5077181 12389 5077181 5077212 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077212 12389 12390 Yes Security Hotpatch Update 10.0.26100.7781 https://support.microsoft.com/help/5077212 12389 12390 5077212 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5074109 12390 Yes Security Update 10.0.26100.7840 https://support.microsoft.com/help/5077181 12390 5077181 5075999 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075999 10853 10816 10855 Yes Security Update 10.0.14393.8868 https://support.microsoft.com/help/5075999 10853 10816 10855 5075999 5077179 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077179 20854 20853 Yes Security Update 10.0.28000.1575 https://support.microsoft.com/help/5077179 20854 20853 5077179 cyanbamboo and b2ahex 1.0 2026-02-10T08:00:00 <p>Information published.</p> Windows Hyper-V Remote Code Execution Vulnerability <p>Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?</strong></p> <p>The file must be stored in a location that allows an attacker write access, enabling the file to be corrupted. An attacker must send a user a crafted file and convince them to load it.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> Role: Windows Hyper-V Microsoft Yes CVE-2026-21247 Improper Input Validation Heap-based Buffer Overflow Out-of-bounds Read 20854 20853 11569 11571 11572 11923 11924 11931 12097 12437 20437 20438 12242 12243 12244 12389 12390 12436 10853 10816 10855 Remote Code Execution 20854 Remote Code Execution 20853 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11931 Remote Code Execution 12097 Remote Code Execution 12437 Remote Code Execution 20437 Remote Code Execution 20438 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Important 20854 Important 20853 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11931 Important 12097 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5077179 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077179 20854 20853 Yes Security Update 10.0.28000.1575 https://support.microsoft.com/help/5077179 20854 20853 5077179 5075904 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075904 11569 11571 11572 Yes Security Update 10.0.17763.8389 https://support.microsoft.com/help/5075904 11569 11571 11572 5075904 5075906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075906 5073457 11923 11924 Yes Security Update 10.0.20348.4773 https://support.microsoft.com/help/5075906 11923 11924 5075906 5075906 https://support.microsoft.com/help/5075906 11923 11924 5075943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075943 11923 11924 Yes Security Hotpatch Update 10.0.20348.4711 https://support.microsoft.com/help/5075943 11923 11924 5075943 5075943 https://support.microsoft.com/help/5075943 11923 11924 5075912 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075912 5073724 11931 Yes Security Update 10.0.19044.6937 https://support.microsoft.com/help/5075912 11931 5075912 5075912 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075912 5073724 12097 Yes Security Update 10.0.19045.6937 https://support.microsoft.com/help/5075912 12097 5075912 5075899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075899 5074109 12437 12436 Yes Security Update 10.0.26100.32370 https://support.microsoft.com/help/5075899 12437 12436 5075899 5075899 https://support.microsoft.com/help/5075899 12437 12436 5075942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075942 12437 12436 Yes Security Hotpatch Update 10.0.26100.32313 https://support.microsoft.com/help/5075942 12437 12436 5075942 5075942 https://support.microsoft.com/help/5075942 12437 12436 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5074109 20437 20438 Yes Security Update 10.0.26200.7840 https://support.microsoft.com/help/5077181 20437 20438 5077181 5077212 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077212 20437 20438 Yes Security Hotpatch Update 10.0.26200.7781 https://support.microsoft.com/help/5077212 20437 20438 5077212 5075941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075941 5073455 12242 12243 Yes Security Update 10.0.22631.6649 https://support.microsoft.com/help/5075941 12242 12243 5075941 5075897 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075897 5073450 12244 Yes Security Update 10.0.25398.2149 https://support.microsoft.com/help/5075897 12244 5075897 5075897 https://support.microsoft.com/help/5075897 12244 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5073379 12389 Yes Security Update 10.0.26100.7840 https://support.microsoft.com/help/5077181 12389 5077181 5077212 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077212 12389 12390 Yes Security Hotpatch Update 10.0.26100.7781 https://support.microsoft.com/help/5077212 12389 12390 5077212 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5074109 12390 Yes Security Update 10.0.26100.7840 https://support.microsoft.com/help/5077181 12390 5077181 5075999 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075999 10853 10816 10855 Yes Security Update 10.0.14393.8868 https://support.microsoft.com/help/5075999 10853 10816 10855 5075999 cyanbamboo and b2ahex 1.0 2026-02-10T08:00:00 <p>Information published.</p> Windows Graphics Component Elevation of Privilege Vulnerability <p>Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Microsoft Graphics Component Microsoft Yes CVE-2026-21246 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12244 12389 12390 12436 10852 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5075904 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075904 11568 11569 11571 11572 Yes Security Update 10.0.17763.8389 https://support.microsoft.com/help/5075904 11568 11569 11571 11572 5075904 5075906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075906 5073457 11923 11924 Yes Security Update 10.0.20348.4773 https://support.microsoft.com/help/5075906 11923 11924 5075906 5075906 https://support.microsoft.com/help/5075906 11923 11924 5075943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075943 11923 11924 Yes Security Hotpatch Update 10.0.20348.4711 https://support.microsoft.com/help/5075943 11923 11924 5075943 5075943 https://support.microsoft.com/help/5075943 11923 11924 5075912 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075912 5073724 11929 11930 11931 Yes Security Update 10.0.19044.6937 https://support.microsoft.com/help/5075912 11929 11930 11931 5075912 5075912 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075912 5073724 12097 12098 12099 Yes Security Update 10.0.19045.6937 https://support.microsoft.com/help/5075912 12097 12098 12099 5075912 5075899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075899 5074109 12437 12436 Yes Security Update 10.0.26100.32370 https://support.microsoft.com/help/5075899 12437 12436 5075899 5075899 https://support.microsoft.com/help/5075899 12437 12436 5075942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075942 12437 12436 Yes Security Hotpatch Update 10.0.26100.32313 https://support.microsoft.com/help/5075942 12437 12436 5075942 5075942 https://support.microsoft.com/help/5075942 12437 12436 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5074109 20437 20438 Yes Security Update 10.0.26200.7840 https://support.microsoft.com/help/5077181 20437 20438 5077181 5077212 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077212 20437 20438 Yes Security Hotpatch Update 10.0.26200.7781 https://support.microsoft.com/help/5077212 20437 20438 5077212 5075941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075941 5073455 12242 12243 Yes Security Update 10.0.22631.6649 https://support.microsoft.com/help/5075941 12242 12243 5075941 5075897 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075897 5073450 12244 Yes Security Update 10.0.25398.2149 https://support.microsoft.com/help/5075897 12244 5075897 5075897 https://support.microsoft.com/help/5075897 12244 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5073379 12389 Yes Security Update 10.0.26100.7840 https://support.microsoft.com/help/5077181 12389 5077181 5077212 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077212 12389 12390 Yes Security Hotpatch Update 10.0.26100.7781 https://support.microsoft.com/help/5077212 12389 12390 5077212 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5074109 12390 Yes Security Update 10.0.26100.7840 https://support.microsoft.com/help/5077181 12390 5077181 5075999 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075999 10852 10853 10816 10855 Yes Security Update 10.0.14393.8868 https://support.microsoft.com/help/5075999 10852 10853 10816 10855 5075999 5075971 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075971 5073698 10378 10379 Yes Monthly Rollup 6.2.9200.25923 https://support.microsoft.com/help/5075971 10378 10379 5075971 5075970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075970 5073696 10483 10543 Yes Monthly Rollup 6.3.9600.23022 https://support.microsoft.com/help/5075970 10483 10543 5075970 UlanBird 1.0 2026-02-10T08:00:00 <p>Information published.</p> Windows Subsystem for Linux Elevation of Privilege Vulnerability <p>Use after free in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>For an attacker to exploit this vulnerability, they would need to have knowledge of a specific operation that triggers a memory allocation failure, specifically a use after free.</p> Windows Subsystem for Linux Microsoft Yes CVE-2026-21242 Use After Free 20854 20853 11923 11924 11930 11931 12097 12098 12437 20437 20438 12242 12243 12244 12389 12390 12436 Elevation of Privilege 20854 Elevation of Privilege 20853 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 20854 Important 20853 Important 11923 Important 11924 Important 11930 Important 11931 Important 12097 Important 12098 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5077179 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077179 20854 20853 Yes Security Update 10.0.28000.1575 https://support.microsoft.com/help/5077179 20854 20853 5077179 5075906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075906 5073457 11923 11924 Yes Security Update 10.0.20348.4773 https://support.microsoft.com/help/5075906 11923 11924 5075906 5075906 https://support.microsoft.com/help/5075906 11923 11924 5075943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075943 11923 11924 Yes Security Hotpatch Update 10.0.20348.4711 https://support.microsoft.com/help/5075943 11923 11924 5075943 5075943 https://support.microsoft.com/help/5075943 11923 11924 5075912 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075912 5073724 11930 11931 Yes Security Update 10.0.19044.6937 https://support.microsoft.com/help/5075912 11930 11931 5075912 5075912 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075912 5073724 12097 12098 Yes Security Update 10.0.19045.6937 https://support.microsoft.com/help/5075912 12097 12098 5075912 5075899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075899 5074109 12437 12436 Yes Security Update 10.0.26100.32370 https://support.microsoft.com/help/5075899 12437 12436 5075899 5075899 https://support.microsoft.com/help/5075899 12437 12436 5075942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075942 12437 12436 Yes Security Hotpatch Update 10.0.26100.32313 https://support.microsoft.com/help/5075942 12437 12436 5075942 5075942 https://support.microsoft.com/help/5075942 12437 12436 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5074109 20437 20438 Yes Security Update 10.0.26200.7840 https://support.microsoft.com/help/5077181 20437 20438 5077181 5077212 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077212 20437 20438 Yes Security Hotpatch Update 10.0.26200.7781 https://support.microsoft.com/help/5077212 20437 20438 5077212 5075941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075941 5073455 12242 12243 Yes Security Update 10.0.22631.6649 https://support.microsoft.com/help/5075941 12242 12243 5075941 5075897 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075897 5073450 12244 Yes Security Update 10.0.25398.2149 https://support.microsoft.com/help/5075897 12244 5075897 5075897 https://support.microsoft.com/help/5075897 12244 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5073379 12389 Yes Security Update 10.0.26100.7840 https://support.microsoft.com/help/5077181 12389 5077181 5077212 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077212 12389 12390 Yes Security Hotpatch Update 10.0.26100.7781 https://support.microsoft.com/help/5077212 12389 12390 5077212 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5074109 12390 Yes Security Update 10.0.26100.7840 https://support.microsoft.com/help/5077181 12390 5077181 ChenJian with Sea Security Orca Team 1.0 2026-02-10T08:00:00 <p>Information published.</p> Windows Graphics Component Elevation of Privilege Vulnerability <p>Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?</strong></p> <p>This means an authenticated user can upload malicious content, but exploitation only occurs if they convince another user to visit or interact with that content.</p> Microsoft Graphics Component Microsoft Yes CVE-2026-21235 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12242 12243 10852 10853 10816 10855 10378 10379 10483 10543 20854 20853 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Elevation of Privilege 20854 Elevation of Privilege 20853 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Important 20854 Important 20853 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 5075904 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075904 11568 11569 11571 11572 Yes Security Update 10.0.17763.8389 https://support.microsoft.com/help/5075904 11568 11569 11571 11572 5075904 5075906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075906 5073457 11923 11924 Yes Security Update 10.0.20348.4773 https://support.microsoft.com/help/5075906 11923 11924 5075906 5075906 https://support.microsoft.com/help/5075906 11923 11924 5075943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075943 11923 11924 Yes Security Hotpatch Update 10.0.20348.4711 https://support.microsoft.com/help/5075943 11923 11924 5075943 5075943 https://support.microsoft.com/help/5075943 11923 11924 5075912 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075912 5073724 11929 11930 11931 Yes Security Update 10.0.19044.6937 https://support.microsoft.com/help/5075912 11929 11930 11931 5075912 5075912 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075912 5073724 12097 12098 12099 Yes Security Update 10.0.19045.6937 https://support.microsoft.com/help/5075912 12097 12098 12099 5075912 5075941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075941 5073455 12242 12243 Yes Security Update 10.0.22631.6649 https://support.microsoft.com/help/5075941 12242 12243 5075941 5075999 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075999 10852 10853 10816 10855 Yes Security Update 10.0.14393.8868 https://support.microsoft.com/help/5075999 10852 10853 10816 10855 5075999 5075971 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075971 5073698 10378 10379 Yes Monthly Rollup 6.2.9200.25923 https://support.microsoft.com/help/5075971 10378 10379 5075971 5075970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075970 5073696 10483 10543 Yes Monthly Rollup 6.3.9600.23022 https://support.microsoft.com/help/5075970 10483 10543 5075970 5077179 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077179 20854 20853 Yes Security Update 10.0.28000.1575 https://support.microsoft.com/help/5077179 20854 20853 5077179 Marcin Wiazowski with <a href="https://www.zerodayinitiative.com/">TrendAI Zero Day Initiative</a> Marcin Wiazowski with <a href="https://www.zerodayinitiative.com/">TrendAI Zero Day Initiative</a> 1.0 2026-02-10T08:00:00 <p>Information published.</p> Windows Connected Devices Platform Service Elevation of Privilege Vulnerability <p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Connected Devices Platform Service Microsoft Yes CVE-2026-21234 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 20854 20853 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12244 12389 12390 12436 Elevation of Privilege 20854 Elevation of Privilege 20853 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 20854 Important 20853 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5077179 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077179 20854 20853 Yes Security Update 10.0.28000.1575 https://support.microsoft.com/help/5077179 20854 20853 5077179 5075904 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075904 11568 11569 11571 11572 Yes Security Update 10.0.17763.8389 https://support.microsoft.com/help/5075904 11568 11569 11571 11572 5075904 5075906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075906 5073457 11923 11924 Yes Security Update 10.0.20348.4773 https://support.microsoft.com/help/5075906 11923 11924 5075906 5075906 https://support.microsoft.com/help/5075906 11923 11924 5075943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075943 11923 11924 Yes Security Hotpatch Update 10.0.20348.4711 https://support.microsoft.com/help/5075943 11923 11924 5075943 5075943 https://support.microsoft.com/help/5075943 11923 11924 5075912 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075912 5073724 11929 11930 11931 Yes Security Update 10.0.19044.6937 https://support.microsoft.com/help/5075912 11929 11930 11931 5075912 5075912 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075912 5073724 12097 12098 12099 Yes Security Update 10.0.19045.6937 https://support.microsoft.com/help/5075912 12097 12098 12099 5075912 5075899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075899 5074109 12437 12436 Yes Security Update 10.0.26100.32370 https://support.microsoft.com/help/5075899 12437 12436 5075899 5075899 https://support.microsoft.com/help/5075899 12437 12436 5075942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075942 12437 12436 Yes Security Hotpatch Update 10.0.26100.32313 https://support.microsoft.com/help/5075942 12437 12436 5075942 5075942 https://support.microsoft.com/help/5075942 12437 12436 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5074109 20437 20438 Yes Security Update 10.0.26200.7840 https://support.microsoft.com/help/5077181 20437 20438 5077181 5077212 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077212 20437 20438 Yes Security Hotpatch Update 10.0.26200.7781 https://support.microsoft.com/help/5077212 20437 20438 5077212 5075941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075941 5073455 12242 12243 Yes Security Update 10.0.22631.6649 https://support.microsoft.com/help/5075941 12242 12243 5075941 5075897 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075897 5073450 12244 Yes Security Update 10.0.25398.2149 https://support.microsoft.com/help/5075897 12244 5075897 5075897 https://support.microsoft.com/help/5075897 12244 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5073379 12389 Yes Security Update 10.0.26100.7840 https://support.microsoft.com/help/5077181 12389 5077181 5077212 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077212 12389 12390 Yes Security Hotpatch Update 10.0.26100.7781 https://support.microsoft.com/help/5077212 12389 12390 5077212 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5074109 12390 Yes Security Update 10.0.26100.7840 https://support.microsoft.com/help/5077181 12390 5077181 <a href="https://twitter.com/hillstone_lab">Zhang WangJunJie, He YiSheng</a> with <a href="https://www.hillstonenet.com/">Hillstone Networks Security Research Institute</a> 1.0 2026-02-10T08:00:00 <p>Information published.</p> Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability <p>Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Ancillary Function Driver for WinSock Microsoft Yes CVE-2026-21236 Heap-based Buffer Overflow 20854 20853 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12244 12389 12390 12436 10852 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 20854 Elevation of Privilege 20853 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 20854 Important 20853 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5077179 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077179 20854 20853 Yes Security Update 10.0.28000.1575 https://support.microsoft.com/help/5077179 20854 20853 5077179 5075904 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075904 11568 11569 11571 11572 Yes Security Update 10.0.17763.8389 https://support.microsoft.com/help/5075904 11568 11569 11571 11572 5075904 5075906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075906 5073457 11923 11924 Yes Security Update 10.0.20348.4773 https://support.microsoft.com/help/5075906 11923 11924 5075906 5075906 https://support.microsoft.com/help/5075906 11923 11924 5075943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075943 11923 11924 Yes Security Hotpatch Update 10.0.20348.4711 https://support.microsoft.com/help/5075943 11923 11924 5075943 5075943 https://support.microsoft.com/help/5075943 11923 11924 5075912 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075912 5073724 11929 11930 11931 Yes Security Update 10.0.19044.6937 https://support.microsoft.com/help/5075912 11929 11930 11931 5075912 5075912 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075912 5073724 12097 12098 12099 Yes Security Update 10.0.19045.6937 https://support.microsoft.com/help/5075912 12097 12098 12099 5075912 5075899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075899 5074109 12437 12436 Yes Security Update 10.0.26100.32370 https://support.microsoft.com/help/5075899 12437 12436 5075899 5075899 https://support.microsoft.com/help/5075899 12437 12436 5075942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075942 12437 12436 Yes Security Hotpatch Update 10.0.26100.32313 https://support.microsoft.com/help/5075942 12437 12436 5075942 5075942 https://support.microsoft.com/help/5075942 12437 12436 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5074109 20437 20438 Yes Security Update 10.0.26200.7840 https://support.microsoft.com/help/5077181 20437 20438 5077181 5077212 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077212 20437 20438 Yes Security Hotpatch Update 10.0.26200.7781 https://support.microsoft.com/help/5077212 20437 20438 5077212 5075941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075941 5073455 12242 12243 Yes Security Update 10.0.22631.6649 https://support.microsoft.com/help/5075941 12242 12243 5075941 5075897 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075897 5073450 12244 Yes Security Update 10.0.25398.2149 https://support.microsoft.com/help/5075897 12244 5075897 5075897 https://support.microsoft.com/help/5075897 12244 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5073379 12389 Yes Security Update 10.0.26100.7840 https://support.microsoft.com/help/5077181 12389 5077181 5077212 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077212 12389 12390 Yes Security Hotpatch Update 10.0.26100.7781 https://support.microsoft.com/help/5077212 12389 12390 5077212 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5074109 12390 Yes Security Update 10.0.26100.7840 https://support.microsoft.com/help/5077181 12390 5077181 5075999 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075999 10852 10853 10816 10855 Yes Security Update 10.0.14393.8868 https://support.microsoft.com/help/5075999 10852 10853 10816 10855 5075999 5075971 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075971 5073698 10378 10379 Yes Monthly Rollup 6.2.9200.25923 https://support.microsoft.com/help/5075971 10378 10379 5075971 5075970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075970 5073696 10483 10543 Yes Monthly Rollup 6.3.9600.23022 https://support.microsoft.com/help/5075970 10483 10543 5075970 JUSTWIN Team 1.0 2026-02-10T08:00:00 <p>Information published.</p> .NET Spoofing Vulnerability <p>Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network.</p> <p><strong>According to the CVSS metric, the privileges required is none (PR:N). What does that mean for this vulnerability?</strong></p> <p>The score is based on no user account is needed to perform the attack.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) and availability (A:L), but could lead to major loss of integrity (I:H). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass critical-header validation and the service may accept a message it should reject.</p> .NET Microsoft Yes CVE-2026-21218 Improper Handling of Missing Special Element 20838 20837 12415 12414 20839 12416 12433 12432 12434 Spoofing 20838 Spoofing 20837 Spoofing 12415 Spoofing 12414 Spoofing 20839 Spoofing 12416 Spoofing 12433 Spoofing 12432 Spoofing 12434 Important 20838 Important 20837 Important 12415 Important 12414 Important 20839 Important 12416 Important 12433 Important 12432 Important 12434 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 20838 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 20837 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12415 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12414 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 20839 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12416 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12433 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12432 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12434 5077862 https://dotnet.microsoft.com/download/dotnet/10.0 20838 20837 20839 Maybe Security Update 10.0.3 https://support.microsoft.com/help/5077862 20838 20837 20839 5077862 5077863 https://dotnet.microsoft.com/download/dotnet/8.0 12415 12414 12416 Maybe Security Update 8.0.24 https://support.microsoft.com/help/5077863 12415 12414 12416 5077863 5077864 https://dotnet.microsoft.com/download/dotnet/9.0 12433 12432 12434 Maybe Security Update 9.0.13 https://support.microsoft.com/help/5077864 12433 12432 12434 5077864 <a href="https://github.com/vcsjones">vcsjones</a> with GitHub 1.0 2026-02-10T08:00:00 <p>Information published.</p> Microsoft ACI Confidential Containers Information Disclosure Vulnerability <p>Cleartext storage of sensitive information in Azure Compute Gallery allows an authorized attacker to disclose information over a network.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is secret tokens and keys.</p> Azure Compute Gallery Microsoft Yes CVE-2026-23655 Cleartext Storage of Sensitive Information 20672 Information Disclosure 20672 Critical 20672 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20672 Release Notes https://github.com/microsoft/confidential-sidecar-containers/archive/refs/tags/v2.14.zip 20672 No Source Code (.zip) 2.12 https://github.com/microsoft/confidential-sidecar-containers/releases 20672 Release Notes Release Notes https://github.com/microsoft/confidential-sidecar-containers/archive/refs/tags/v2.14.tar.gz 20672 No Source Code (tar.gz) 2.12 https://github.com/microsoft/confidential-sidecar-containers/releases 20672 Release Notes Microsoft Offensive Research and Security Engineering with Microsoft Microsoft Offensive Research and Security Engineering with Microsoft 1.0 2026-02-10T08:00:00 <p>Information published.</p> Chromium: CVE-2026-2320 Inappropriate implementation in File input <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>145.0.3800.58</td> <td>02/17/2026</td> <td>145.0.7632.45/.46</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-2320 11655 11655 11655 Release Notes 11655 No Security Update 145.0.3800.58 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-02-17T18:00:42 <p>Information published.</p> GitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability <p>Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>The AV:N rating indicates the vulnerability is exploitable over the network, meaning an attacker can deliver a malicious prompt remotely without prior access, while UI:R means a user must interact with Copilot for exploitation to occur. Due to prompt injection, the system is coerced into executing attacker-controlled instructions, which can escalate into remote code execution (RCE) when the compromised prompt causes backend components or integrated tools to run unintended commands.</p> GitHub Copilot and Visual Studio Microsoft Yes CVE-2026-21523 Time-of-check Time-of-use (TOCTOU) Race Condition 16782 11622 Remote Code Execution 16782 Remote Code Execution 11622 Important 16782 Important 11622 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 16782 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11622 Release Notes https://code.visualstudio.com/Download 16782 Maybe Security Update 0.37.1 https://github.com/microsoft/vscode/ 16782 Release Notes Release Notes https://code.visualstudio.com/download 11622 Maybe Security Update 1.109.2 https://code.visualstudio.com/updates/v1_109 11622 Release Notes Anonymous Alexander Tan 1.0 2026-02-10T08:00:00 <p>Information published.</p> 1.1 2026-02-27T08:00:00 <p>Download links fixed</p> Power BI Remote Code Execution Vulnerability <p>Improper input validation in Power BI allows an authorized attacker to execute code over a network.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain the privileges of the authenticated user.</p> Power BI Microsoft Yes CVE-2026-21229 Improper Input Validation 11719 Remote Code Execution 11719 Important 11719 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11719 Release Notes https://www.microsoft.com/en-us/download/details.aspx?id=105943 11719 Maybe Security Update 15.0.1120.113 https://learn.microsoft.com/en-us/power-bi/report-server/changelog 11719 Release Notes Jack Misiura with <a href="https://www.themissinglink.com.au/">The Missing Link</a> 1.0 2026-02-10T08:00:00 <p>Information published.</p> Windows Remote Desktop Services Elevation of Privilege Vulnerability <p>Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Remote Desktop Microsoft Yes CVE-2026-21533 Improper Privilege Management 20854 20853 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12244 12389 12390 12436 10852 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 20854 Elevation of Privilege 20853 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 20854 Important 20853 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 20854 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 20853 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11568 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11569 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11571 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11572 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11923 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11924 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11929 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11930 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11931 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12097 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12098 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12099 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12437 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 20437 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 20438 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12242 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12243 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12244 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12389 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12390 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12436 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10852 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10853 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10816 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10855 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10378 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10379 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10483 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10543 5077179 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077179 20854 20853 Yes Security Update 10.0.28000.1575 https://support.microsoft.com/help/5077179 20854 20853 5077179 5075904 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075904 11568 11569 11571 11572 Yes Security Update 10.0.17763.8389 https://support.microsoft.com/help/5075904 11568 11569 11571 11572 5075904 5075906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075906 5073457 11923 11924 Yes Security Update 10.0.20348.4773 https://support.microsoft.com/help/5075906 11923 11924 5075906 5075906 https://support.microsoft.com/help/5075906 11923 11924 5075943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075943 11923 11924 Yes Security Hotpatch Update 10.0.20348.4711 https://support.microsoft.com/help/5075943 11923 11924 5075943 5075943 https://support.microsoft.com/help/5075943 11923 11924 5075912 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075912 5073724 11929 11930 11931 Yes Security Update 10.0.19044.6937 https://support.microsoft.com/help/5075912 11929 11930 11931 5075912 5075912 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075912 5073724 12097 12098 12099 Yes Security Update 10.0.19045.6937 https://support.microsoft.com/help/5075912 12097 12098 12099 5075912 5075899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075899 5074109 12437 12436 Yes Security Update 10.0.26100.32370 https://support.microsoft.com/help/5075899 12437 12436 5075899 5075899 https://support.microsoft.com/help/5075899 12437 12436 5075942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075942 12437 12436 Yes Security Hotpatch Update 10.0.26100.32313 https://support.microsoft.com/help/5075942 12437 12436 5075942 5075942 https://support.microsoft.com/help/5075942 12437 12436 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5074109 20437 20438 Yes Security Update 10.0.26200.7840 https://support.microsoft.com/help/5077181 20437 20438 5077181 5077212 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077212 20437 20438 Yes Security Hotpatch Update 10.0.26200.7781 https://support.microsoft.com/help/5077212 20437 20438 5077212 5075941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075941 5073455 12242 12243 Yes Security Update 10.0.22631.6649 https://support.microsoft.com/help/5075941 12242 12243 5075941 5075897 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075897 5073450 12244 Yes Security Update 10.0.25398.2149 https://support.microsoft.com/help/5075897 12244 5075897 5075897 https://support.microsoft.com/help/5075897 12244 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5073379 12389 Yes Security Update 10.0.26100.7840 https://support.microsoft.com/help/5077181 12389 5077181 5077212 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077212 12389 12390 Yes Security Hotpatch Update 10.0.26100.7781 https://support.microsoft.com/help/5077212 12389 12390 5077212 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5074109 12390 Yes Security Update 10.0.26100.7840 https://support.microsoft.com/help/5077181 12390 5077181 5075999 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075999 10852 10853 10816 10855 Yes Security Update 10.0.14393.8868 https://support.microsoft.com/help/5075999 10852 10853 10816 10855 5075999 5075971 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075971 5073698 10378 10379 Yes Monthly Rollup 6.2.9200.25923 https://support.microsoft.com/help/5075971 10378 10379 5075971 5075970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075970 5073696 10483 10543 Yes Monthly Rollup 6.3.9600.23022 https://support.microsoft.com/help/5075970 10483 10543 5075970 <a href="http://twitter.com/crowdstrike">Advanced Research Team, CrowdStrike</a> with <a href="http://www.crowdstrike.com/">CrowdStrike</a> 1.0 2026-02-10T08:00:00 <p>Information published.</p> MSHTML Framework Security Feature Bypass Vulnerability <p>Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.</p> <p><strong>According to the CVSS metric, the attack vector is user interaction is required (UI:R). How could an attacker exploit this security feature bypass vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by convincing a user to open a malicious HTML file or shortcut (.lnk) file delivered through a link, email attachment, or download. The specially crafted file manipulates browser and Windows Shell handling, causing the content to be executed by the operating system. This allows the attacker to bypass security features and potentially achieve code execution.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>This update address a vulnerability that bypasses prompts when executing a file.</p> MSHTML Framework Microsoft Yes CVE-2026-21513 Protection Mechanism Failure 20854 20853 11568 11923 11924 11571 11572 11930 11931 11929 12097 12098 12437 20437 12099 12242 20438 12243 12244 12389 12390 12436 10816 10852 10855 10853 10378 11569 10483 10379 10543 Security Feature Bypass 20854 Security Feature Bypass 20853 Security Feature Bypass 11568 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 11929 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12437 Security Feature Bypass 20437 Security Feature Bypass 12099 Security Feature Bypass 12242 Security Feature Bypass 20438 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 12389 Security Feature Bypass 12390 Security Feature Bypass 12436 Security Feature Bypass 10816 Security Feature Bypass 10852 Security Feature Bypass 10855 Security Feature Bypass 10853 Security Feature Bypass 10378 Security Feature Bypass 11569 Security Feature Bypass 10483 Security Feature Bypass 10379 Security Feature Bypass 10543 Important 20854 Important 20853 Important 11568 Important 11923 Important 11924 Important 11571 Important 11572 Important 11930 Important 11931 Important 11929 Important 12097 Important 12098 Important 12437 Important 20437 Important 12099 Important 12242 Important 20438 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10816 Important 10852 Important 10855 Important 10853 Important 10378 Important 11569 Important 10483 Important 10379 Important 10543 Publicly Disclosed:Yes;Exploited:Yes;Latest Software Release:Exploitation Detected 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5077179 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077179 20854 20853 Yes Security Update 10.0.28000.1575 https://support.microsoft.com/help/5077179 20854 20853 5077179 5075904 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075904 11568 11571 11572 11569 Yes Security Update 10.0.17763.8389 https://support.microsoft.com/help/5075904 11568 11571 11572 11569 5075904 5075906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075906 5073457 11923 11924 Yes Security Update 10.0.20348.4773 https://support.microsoft.com/help/5075906 11923 11924 5075906 5075906 https://support.microsoft.com/help/5075906 11923 11924 5075943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075943 11923 11924 Yes Security Hotpatch Update 10.0.20348.4711 https://support.microsoft.com/help/5075943 11923 11924 5075943 5075943 https://support.microsoft.com/help/5075943 11923 11924 5075912 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075912 5073724 11930 11931 11929 Yes Security Update 10.0.19044.6937 https://support.microsoft.com/help/5075912 11930 11931 11929 5075912 5075912 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075912 5073724 12097 12098 12099 Yes Security Update 10.0.19045.6937 https://support.microsoft.com/help/5075912 12097 12098 12099 5075912 5075899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075899 5074109 12437 12436 Yes Security Update 10.0.26100.32370 https://support.microsoft.com/help/5075899 12437 12436 5075899 5075899 https://support.microsoft.com/help/5075899 12437 12436 5075942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075942 12437 12436 Yes Security Hotpatch Update 10.0.26100.32313 https://support.microsoft.com/help/5075942 12437 12436 5075942 5075942 https://support.microsoft.com/help/5075942 12437 12436 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5074109 20437 20438 Yes Security Update 10.0.26200.7840 https://support.microsoft.com/help/5077181 20437 20438 5077181 5077212 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077212 20437 20438 Yes Security Hotpatch Update 10.0.26200.7781 https://support.microsoft.com/help/5077212 20437 20438 5077212 5075941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075941 5073455 12242 12243 Yes Security Update 10.0.22631.6649 https://support.microsoft.com/help/5075941 12242 12243 5075941 5075897 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075897 5073450 12244 Yes Security Update 10.0.25398.2149 https://support.microsoft.com/help/5075897 12244 5075897 5075897 https://support.microsoft.com/help/5075897 12244 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5073379 12389 Yes Security Update 10.0.26100.7840 https://support.microsoft.com/help/5077181 12389 5077181 5077212 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077212 12389 12390 Yes Security Hotpatch Update 10.0.26100.7781 https://support.microsoft.com/help/5077212 12389 12390 5077212 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5074109 12390 Yes Security Update 10.0.26100.7840 https://support.microsoft.com/help/5077181 12390 5077181 5075999 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075999 10816 10852 10855 10853 Yes Security Update 10.0.14393.8868 https://support.microsoft.com/help/5075999 10816 10852 10855 10853 5075999 5075971 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075971 5073698 10378 10379 Yes Monthly Rollup 6.2.9200.25923 https://support.microsoft.com/help/5075971 10378 10379 5075971 5075970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075970 5073696 10483 10543 Yes Monthly Rollup 6.3.9600.23022 https://support.microsoft.com/help/5075970 10483 10543 5075970 Google Threat Intelligence Group Microsoft Threat Intelligence Center (MSTIC), Microsoft Security Response Center (MSRC), and Office Product Group Security Team 1.0 2026-02-10T08:00:00 <p>Information published.</p> Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability <p>User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>The attacker must correctly craft convincing spoofed UI chrome, time the fullscreen entry, and rely on user perception. While the exploit triggers reliably after a gesture, successful deception depends on careful social engineering and realistic mimicking of browser UI.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), and some loss of integrity (I:L), but no loss of availability (A:N). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could view sensitive information, (Confidentiality), and make some changes to disclosed information (Integrity), but they would not be able to affect Availability.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>143.0.3650.66</td> <td>12/04/2025</td> <td>143.0.7499.40/.41</td> </tr> </tbody> </table> Microsoft Edge for Android Microsoft Yes CVE-2026-0391 User Interface (UI) Misrepresentation of Critical Information 11655 Spoofing 11655 Moderate 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 11655 Release Notes 11655 No Security Update 143.0.3650.66 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes xyzhellsing 1.0 2026-02-05T08:00:00 <p>Information published.</p> Chromium: CVE-2026-1861 Heap buffer overflow in libvpx <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>144.0.3719.115</td> <td>02/05/2026</td> <td>144.0.7559.132/.133</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-1861 11655 11655 11655 Release Notes 11655 No Security Update 144.0.3719.115 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-02-05T19:27:27 <p>Information published.</p> Azure Front Door Elevation of Privilege Vulnerability <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> Azure Front Door (AFD) Microsoft No CVE-2026-24300 Improper Access Control 11985 Elevation of Privilege 11985 Critical 11985 Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11985 Sriharsha Pallekonda with Microsoft Parul Garg with Microsoft 1.0 2026-02-05T08:00:00 <p>Information published.</p> Azure Function Information Disclosure Vulnerability <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> Azure Function Microsoft No CVE-2026-21532 Exposure of Sensitive Information to an Unauthorized Actor 11795 Information Disclosure 11795 Critical 11795 Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A 8.2 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 11795 Henrique Pereira with Microsoft 1.0 2026-02-05T08:00:00 <p>Information published.</p> Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability <p>Improper neutralization of special elements used in a command ('command injection') in Azure Compute Gallery allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who exploited this vulnerability could execute arbitrary commands within the affected ACI container’s context, allowing them to run code with the same privileges as the compromised container. In confidential‑container scenarios, this could also let an attacker access sensitive secrets or data protected by the attested environment.</p> Azure Compute Gallery Microsoft Yes CVE-2026-21522 Improper Neutralization of Special Elements used in a Command ('Command Injection') 20672 Elevation of Privilege 20672 Critical 20672 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.7 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 20672 Release Notes https://learn.microsoft.com/en-us/cli/azure/azure-cli-extensions-overview 20672 No Security Update 1.2.8 https://github.com/Azure/azure-cli-extensions/pull/9238 20672 Release Notes <a href="https://x.com/yuvalavra">Yuval Avrahami</a> 1.0 2026-02-10T08:00:00 <p>Information published.</p> Chromium: CVE-2026-2441 Use after free in CSS <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information. Google is aware that an exploit for CVE-2026-2441 exists in the wild.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>145.0.3800.58</td> <td>02/17/2026</td> <td>145.0.7632.45/.46</td> </tr> </tbody> </table> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>144.0.3719.130</td> <td>02/17/2026</td> <td>144.0.7559.177</td> </tr> </tbody> </table> <p>Edge Extended Stable receives important Chromium security backports, but CVEs are only published when chromium details exist or when Microsoft ships Edge-specific security updates.</p> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-2441 11655 11655 11655 Release Notes 11655 No Security Update 145.0.3800.58 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-02-17T18:00:43 <p>Information published.</p> 1.1 2026-02-19T08:00:00 <p>Added Extended Stable build information. This is an informational change only.</p> Chromium: CVE-2026-2323 Inappropriate implementation in Downloads <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>145.0.3800.58</td> <td>02/17/2026</td> <td>145.0.7632.45/.46</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-2323 11655 11655 11655 Release Notes 11655 No Security Update 145.0.3800.58 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-02-17T18:00:42 <p>Information published.</p> Microsoft Edge (Chromium-based) Defense in Depth Vulnerability <p>Under specific conditions, a malicious webpage may trigger autofill population after two consecutive taps, potentially without clear or intentional user consent. This could result in disclosure of stored autofill data such as addresses, email, or phone number metadata.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user must visit the attacker‑controlled webpage, and perform the two tap gestures that cause autofill to activate.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to craft deceptive or invisible form elements and user to perform two sequential taps.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>145.0.3800.58</td> <td>02/17/2026</td> <td>145.0.7632.45/.46</td> </tr> </tbody> </table> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L),but lead to no loss of availability (A:N) and integrity (I:N)? What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).</p> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2026-0102 Exposure of Private Personal Information to an Unauthorized Actor 11655 Defense in Depth 11655 Low 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 3.1 2.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11655 Release Notes 11655 No Security Update 145.0.3800.58 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes <a href="https://www.linkedin.com/in/manojkumar-j-7ba35b202/">Manojkumar Jaganathan</a> with <a href="https://www.hackerbro.net/">Hacker Bro Technologies</a> Jaganathan Ananthakrishnan with <a href="https://hackerbro.net/">HackerBro Technologies</a> 1.0 2026-02-17T08:00:00 <p>Information published.</p> Chromium: CVE-2026-2319 Race in DevTools <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>145.0.3800.58</td> <td>02/17/2026</td> <td>145.0.7632.45/.46</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-2319 11655 11655 11655 Release Notes 11655 No Security Update 145.0.3800.58 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-02-18T18:49:13 <p>Information published.</p> Chromium: CVE-2026-2316 Insufficient policy enforcement in Frames <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>145.0.3800.58</td> <td>02/17/2026</td> <td>145.0.7632.45/.46</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-2316 11655 11655 11655 Release Notes 11655 No Security Update 145.0.3800.58 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-02-18T18:49:11 <p>Information published.</p> Chromium: CVE-2026-2314 Heap buffer overflow in Codecs <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>145.0.3800.58</td> <td>02/17/2026</td> <td>145.0.7632.45/.46</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-2314 11655 11655 11655 Release Notes 11655 No Security Update 145.0.3800.58 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-02-18T18:49:08 <p>Information published.</p> Microsoft Teams Information Disclosure Vulnerability <p>Improper access control in Microsoft Teams allows an unauthorized attacker to disclose information over a network.</p> <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> Microsoft Teams Microsoft No CVE-2026-21535 Improper Access Control 11686 Information Disclosure 11686 Critical 11686 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 8.2 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 11686 <a href="https://www.linkedin.com/in/stefanwey/">Stefan Wey</a> with <a href="https://www.alweys.ch/">UMB</a> 1.0 2026-02-19T08:00:00 <p>Information published.</p> Chromium: CVE-2026-3063 Inappropriate implementation in DevTools <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>145.0.3800.82</td> <td>02/26/2026</td> <td>145.0.7632.116/117</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-3063 11655 11655 11655 Release Notes 11655 No Security Update 145.0.3800.82 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-02-26T19:17:12 <p>Information published.</p> Microsoft Exchange Server Spoofing Vulnerability <p>User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).</p> <p><strong>Why are update links missing for some Exchange products?</strong></p> <p>For <em><strong>Exchange Server 2016 and 2019</strong></em>, update links are not provided because these versions are out of support and security updates are only available through the <strong>Extended Security Update (ESU) program</strong>.</p> <p>Customers enrolled in ESU can access the December 2025 and future updates, while those not enrolled should migrate to Exchange Server Subscription Edition (SE) to continue receiving security updates. If you have purchased ESU and need assistance accessing updates, contact Microsoft at **ExchangeandSfBServerESUInquiry@service.microsoft.com. **</p> <p>For more details, see the official <a href="http://techcommunity.microsoft.com/blog/exchange/released-december-2025-exchange-server-security-updates/4474949">blog post</a>.</p> Microsoft Exchange Server Microsoft Yes CVE-2026-21527 User Interface (UI) Misrepresentation of Critical Information Insufficient Verification of Data Authenticity Improper Validation of Syntactic Correctness of Input 16792 12039 12502 12293 Spoofing 16792 Spoofing 12039 Spoofing 12502 Spoofing 12293 Important 16792 Important 12039 Important 12502 Important 12293 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 16792 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 12039 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 12502 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 12293 5074992 https://www.microsoft.com/en-us/download/details.aspx?id=108556 5071876 16792 Yes Security Update 15.02.2562.037 https://support.microsoft.com/help/5074992 16792 5074992 5074995 5071873 12039 Yes Security Update 15.01.2507.066 https://support.microsoft.com/help/5074995 12039 5074995 5074993 5017260 12502 Yes Security Update 15.02.1748.043 https://support.microsoft.com/help/5074993 12502 5074993 5074994 5071874 12293 Yes Security Update 15.02.1544.039 https://support.microsoft.com/help/5074994 12293 5074994 Vladislav Berghici of TrendAI Research Vladislav Berghici of TrendAI Research 1.0 2026-02-10T08:00:00 <p>Information published.</p> Azure IoT Explorer Information Disclosure Vulnerability <p>Binding to an unrestricted ip address in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability includes the contents of the user’s local file system, folders or potentially cloud access credentials associated with the system.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).</p> Azure IoT Explorer Microsoft Yes CVE-2026-21528 Binding to an Unrestricted IP Address 20852 Information Disclosure 20852 Important 20852 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 20852 Release Notes https://github.com/Azure/azure-iot-explorer/archive/refs/tags/v0.15.13.zip 20852 No Source Code (zip) 0.15.13 https://github.com/Azure/azure-iot-explorer/releases/tag/v0.15.13 20852 Release Notes Release Notes https://github.com/Azure/azure-iot-explorer/archive/refs/tags/v0.15.13.tar.gz 20852 No Source Code (tar.gz) 0.15.13 https://github.com/Azure/azure-iot-explorer/releases/tag/v0.15.13 20852 Release Notes <a href="https://www.linkedin.com/in/hay-mizrachi/">Hay Mizrachi</a> with <a href="https://microsoft.com/">Microsoft</a> 1.0 2026-02-10T08:00:00 <p>Information published.</p> 1.1 2026-02-19T08:00:00 <p>Corrected the CVE description and title. This is an informational change only.</p> Azure SDK for Python Remote Code Execution Vulnerability <p>Deserialization of untrusted data in Azure SDK allows an unauthorized attacker to execute code over a network.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could supply a maliciously crafted continuation token that, when processed by the Azure AI Language Conversations Authoring SDK, triggers unsafe deserialization and executes attacker‑controlled code on the system using the SDK.</p> Azure SDK Microsoft Yes CVE-2026-21531 Deserialization of Untrusted Data 20846 Remote Code Execution 20846 Important 20846 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20846 Release Notes https://pypi.org/project/azure-ai-language-conversations-authoring/1.0.0b4/ 20846 No Security Update 1.0.0b4 https://github.com/Azure/azure-sdk-for-python/blob/main/sdk/cognitivelanguage/azure-ai-language-conversations-authoring/CHANGELOG.md 20846 Release Notes <a href="https://www.linkedin.com/in/muhammad-fadilullah-dzaki-a9080a2b5/">Muhammad Fadilullah Dzaki</a> 1.0 2026-02-10T08:00:00 <p>Information published.</p> Windows Shell Security Feature Bypass Vulnerability <p>Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>To successfully exploit this vulnerability, an attacker must convince a user to open a malicious link or shortcut file.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker could bypass Windows SmartScreen and Windows Shell security prompts by exploiting improper handling in Windows Shell components, allowing attacker‑controlled content to execute without user warning or consent.</p> Windows Shell Microsoft Yes CVE-2026-21510 Protection Mechanism Failure 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12244 12389 12390 12436 10852 10853 10816 10855 10378 10379 10483 10543 20854 20853 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12437 Security Feature Bypass 20437 Security Feature Bypass 20438 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 12389 Security Feature Bypass 12390 Security Feature Bypass 12436 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Security Feature Bypass 20854 Security Feature Bypass 20853 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Important 20854 Important 20853 Publicly Disclosed:Yes;Exploited:Yes;Latest Software Release:Exploitation Detected 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11568 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11569 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11571 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11572 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11923 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11924 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11929 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11930 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11931 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12097 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12098 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12099 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12437 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 20437 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 20438 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12242 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12243 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12244 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12389 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12390 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12436 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10852 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10853 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10816 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10855 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10378 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10379 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10483 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10543 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 20854 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 20853 5075904 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075904 11568 11569 11571 11572 Yes Security Update 10.0.17763.8389 https://support.microsoft.com/help/5075904 11568 11569 11571 11572 5075904 5075906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075906 5073457 11923 11924 Yes Security Update 10.0.20348.4773 https://support.microsoft.com/help/5075906 11923 11924 5075906 5075906 https://support.microsoft.com/help/5075906 11923 11924 5075943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075943 11923 11924 Yes Security Hotpatch Update 10.0.20348.4711 https://support.microsoft.com/help/5075943 11923 11924 5075943 5075943 https://support.microsoft.com/help/5075943 11923 11924 5075912 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075912 5073724 11929 11930 11931 Yes Security Update 10.0.19044.6937 https://support.microsoft.com/help/5075912 11929 11930 11931 5075912 5075912 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075912 5073724 12097 12098 12099 Yes Security Update 10.0.19045.6937 https://support.microsoft.com/help/5075912 12097 12098 12099 5075912 5075899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075899 5074109 12437 12436 Yes Security Update 10.0.26100.32370 https://support.microsoft.com/help/5075899 12437 12436 5075899 5075899 https://support.microsoft.com/help/5075899 12437 12436 5075942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075942 12437 12436 Yes Security Hotpatch Update 10.0.26100.32313 https://support.microsoft.com/help/5075942 12437 12436 5075942 5075942 https://support.microsoft.com/help/5075942 12437 12436 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5074109 20437 20438 Yes Security Update 10.0.26200.7840 https://support.microsoft.com/help/5077181 20437 20438 5077181 5077212 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077212 20437 20438 Yes Security Hotpatch Update 10.0.26200.7781 https://support.microsoft.com/help/5077212 20437 20438 5077212 5075941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075941 5073455 12242 12243 Yes Security Update 10.0.22631.6649 https://support.microsoft.com/help/5075941 12242 12243 5075941 5075897 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075897 5073450 12244 Yes Security Update 10.0.25398.2149 https://support.microsoft.com/help/5075897 12244 5075897 5075897 https://support.microsoft.com/help/5075897 12244 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5073379 12389 Yes Security Update 10.0.26100.7840 https://support.microsoft.com/help/5077181 12389 5077181 5077212 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077212 12389 12390 Yes Security Hotpatch Update 10.0.26100.7781 https://support.microsoft.com/help/5077212 12389 12390 5077212 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5074109 12390 Yes Security Update 10.0.26100.7840 https://support.microsoft.com/help/5077181 12390 5077181 5075999 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075999 10852 10853 10816 10855 Yes Security Update 10.0.14393.8868 https://support.microsoft.com/help/5075999 10852 10853 10816 10855 5075999 5075971 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075971 5073698 10378 10379 Yes Monthly Rollup 6.2.9200.25923 https://support.microsoft.com/help/5075971 10378 10379 5075971 5075970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075970 5073696 10483 10543 Yes Monthly Rollup 6.3.9600.23022 https://support.microsoft.com/help/5075970 10483 10543 5075970 5077179 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077179 20854 20853 Yes Security Update 10.0.28000.1575 https://support.microsoft.com/help/5077179 20854 20853 5077179 Anonymous Google Threat Intelligence Group Microsoft Threat Intelligence Center (MSTIC), Microsoft Security Response Center (MSRC), and Office Product Group Security Team 1.0 2026-02-10T08:00:00 <p>Information published.</p> Microsoft Defender for Endpoint Linux Extension Remote Code Execution Vulnerability <p>Improper control of generation of code ('code injection') in Microsoft Defender for Linux allows an unauthorized attacker to execute code over an adjacent network.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:A). What does that mean for this vulnerability?</strong></p> <p>An attacker must be an authenticated to a Linux VMs in the same network subnet as the targeted in order to exploit this vulnerability.</p> <p><strong>What action do customers need to take protect themselves from this vulnerability?</strong></p> <p>Customers can obtain the fix by ensuring that Microsoft Defender for Endpoint auto‑provisioning is enabled in Defender for Cloud; once enabled, all eligible Linux machines will automatically receive MDE extension version 1.0.9.0.</p> <p><strong>How do I get the updated Microsoft Defender for Endpoint (MDE) for Linux extension that contains the fix?</strong></p> <p>The MDE for Linux extension is automatically updated through Azure’s auto‑provisioning mechanism. Customers will receive the updated extension (version 1.0.9.0) once auto‑provisioning is enabled on the subscription. The backend pushes the newest extension to all onboarded VMs without requiring manual action.</p> <p>You can verify auto‑provisioning in Defender for Cloud → Environment Settings → Defender Plans → Servers → Settings, where the MDE auto‑provisioning toggle (WDAgent / MDE extension) is located. Customers can select their subscription and confirm whether the provisioning setting is set to <strong>On</strong>. Read more <a href="https://learn.microsoft.com/en-us/azure/defender-for-cloud/integration-defender-for-endpoint?WT.mc_id=Portal-Microsoft_Azure_Security">here</a></p> <p><strong>If auto‑provisioning was disabled, how do I enable it to receive the fix?</strong></p> <p>Enable auto‑provisioning under Defender for Cloud. After it is turned on, all eligible machines in the subscription will automatically receive the updated MDE for Linux extension within up to <strong>6 hours.</strong> No further steps are needed.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker on the same subnet could intercept and respond to the extension’s IMDS request during installation, crafting a malicious JSON response that injects non-sanitized data into a shell command. By doing so, the attacker could cause the installation script to execute arbitrary code as root on the victim’s machine.</p> Microsoft Defender for Linux Microsoft Yes CVE-2026-21537 Improper Control of Generation of Code ('Code Injection') 12015 Remote Code Execution 12015 Important 12015 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12015 Release Notes 12015 Maybe Security Update 1.0.9.0 https://learn.microsoft.com/en-us/azure/defender-for-cloud/integration-defender-for-endpoint?WT.mc_id=Portal-Microsoft_Azure_Security 12015 Release Notes Michal Kamensky with Microsoft 1.0 2026-02-10T08:00:00 <p>Information published.</p> Azure HDInsight Spoofing Vulnerability <p>Improper neutralization of input during web page generation ('cross-site scripting') in Azure HDInsights allows an authorized attacker to perform spoofing over a network.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An authorized attacker with privileges could send controlled inputs to exploit this vulnerability.</p> <p><strong>What additional customer action is needed to be protected?</strong></p> <p>The customer action needed is to restart Ambari server in both of the head nodes to have this fix updated.</p> Azure HDInsights Microsoft Yes CVE-2026-21529 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 11987 Spoofing 11987 Important 11987 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11987 Release Notes https://hdiconfigactions.blob.core.windows.net/ambari-patch-100765/patch-script.sh 11987 No Security Update 5.1 https://docs.azure.cn/en-us/hdinsight/hdinsight-release-notes 11987 Release Notes Release Notes https://hdiconfigactions.blob.core.windows.net/ambari-patch-100765/ambari_ui_patch_5files.tar.gz 11987 No Security Update 5.1 https://docs.azure.cn/en-us/hdinsight/hdinsight-release-notes 11987 Release Notes <a href="https://www.linkedin.com/in/tomer-nahum-977a021b5/">Tomer Nahum</a> with <a href="https://www.semperis.com/">Semperis</a> 1.0 2026-02-10T08:00:00 <p>Information published.</p> Chromium: CVE-2026-1862 Type Confusion in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>144.0.3719.115</td> <td>02/05/2026</td> <td>144.0.7559.132/.133</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-1862 11655 11655 11655 Release Notes 11655 No Security Update 144.0.3719.115 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-02-06T08:00:30 <p>Information published.</p> CVE-2026-2318 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>145.0.3800.58</td> <td>02/17/2026</td> <td>145.0.7632.45/.46</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-2318 11655 11655 11655 Release Notes 11655 No Security Update 145.0.3800.58 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-02-17T18:00:40 <p>Information published.</p> Chromium: CVE-2026-2313 Use after free in CSS <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>145.0.3800.58</td> <td>02/17/2026</td> <td>145.0.7632.45/.46</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-2313 11655 11655 11655 Release Notes 11655 No Security Update 145.0.3800.58 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-02-17T18:00:37 <p>Information published.</p> Chromium: CVE-2026-2322 Heap buffer overflow in Codecs <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>145.0.3800.58</td> <td>02/17/2026</td> <td>145.0.7632.45/.46</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-2322 11655 11655 11655 Release Notes 11655 No Security Update 145.0.3800.58 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-02-18T18:49:14 <p>Information published.</p> Chromium: CVE-2026-2649 Integer overflow in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>145.0.3800.70</td> <td>02/20/2026</td> <td>145.0.7632.109/110</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-2649 11655 11655 11655 Release Notes 11655 No Security Update 145.0.3800.70 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-02-20T21:22:06 <p>Information published.</p> Chromium: CVE-2026-2648 Heap buffer overflow in PDFium <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>145.0.3800.70</td> <td>02/20/2026</td> <td>145.0.7632.109/110</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-2648 11655 11655 11655 Release Notes 11655 No Security Update 145.0.3800.70 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-02-20T21:22:02 <p>Information published.</p> Chromium: CVE-2026-3062 Out of bounds read and write in Tint <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>145.0.3800.82</td> <td>02/26/2026</td> <td>145.0.7632.116/117</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-3062 11655 11655 11655 Release Notes 11655 No Security Update 145.0.3800.82 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-02-26T19:17:11 <p>Information published.</p> Chromium: CVE-2026-3061 Out of bounds read in Media <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>145.0.3800.82</td> <td>02/26/2026</td> <td>145.0.7632.116/117</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-3061 11655 11655 11655 Release Notes 11655 No Security Update 145.0.3800.82 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-02-26T19:17:08 <p>Information published.</p> Microsoft Word Security Feature Bypass Vulnerability <p>Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>This update addresses a vulnerability that bypasses OLE mitigations in Microsoft 365 and Microsoft Office which protect users from vulnerable COM/OLE controls.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office Word Microsoft Yes CVE-2026-21514 Reliance on Untrusted Inputs in a Security Decision 11762 11763 11951 11952 11953 12420 12421 12440 Security Feature Bypass 11762 Security Feature Bypass 11763 Security Feature Bypass 11951 Security Feature Bypass 11952 Security Feature Bypass 11953 Security Feature Bypass 12420 Security Feature Bypass 12421 Security Feature Bypass 12440 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Publicly Disclosed:Yes;Exploited:Yes;Latest Software Release:Exploitation Detected 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11762 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11763 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11951 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11952 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11953 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12420 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12421 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12440 Click to Run 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/office365-proplus-security-updates 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Maybe Security Update 16.106.26020821 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes Anonymous Microsoft Threat Intelligence Center (MSTIC), Microsoft Security Response Center (MSRC), and Office Product Group Security Team Google Threat Intelligence Group Anonymous 1.0 2026-02-10T08:00:00 <p>Information published.</p> Windows Remote Access Connection Manager Denial of Service Vulnerability <p>Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally.</p> Windows Remote Access Connection Manager Microsoft Yes CVE-2026-21525 NULL Pointer Dereference 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12244 12389 12390 12436 10852 10853 10816 10855 10378 10379 10483 10543 20854 20853 Denial of Service 11568 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12437 Denial of Service 20437 Denial of Service 20438 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 12389 Denial of Service 12390 Denial of Service 12436 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Denial of Service 20854 Denial of Service 20853 Moderate 11568 Moderate 11569 Moderate 11571 Moderate 11572 Moderate 11923 Moderate 11924 Moderate 11929 Moderate 11930 Moderate 11931 Moderate 12097 Moderate 12098 Moderate 12099 Moderate 12437 Moderate 20437 Moderate 20438 Moderate 12242 Moderate 12243 Moderate 12244 Moderate 12389 Moderate 12390 Moderate 12436 Moderate 10852 Moderate 10853 Moderate 10816 Moderate 10855 Moderate 10378 Moderate 10379 Moderate 10483 Moderate 10543 Moderate 20854 Moderate 20853 Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 20437 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 20438 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12389 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12390 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 20854 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 20853 5075904 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075904 11568 11569 11571 11572 Yes Security Update 10.0.17763.8389 https://support.microsoft.com/help/5075904 11568 11569 11571 11572 5075904 5075906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075906 5073457 11923 11924 Yes Security Update 10.0.20348.4773 https://support.microsoft.com/help/5075906 11923 11924 5075906 5075906 https://support.microsoft.com/help/5075906 11923 11924 5075943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075943 11923 11924 Yes Security Hotpatch Update 10.0.20348.4711 https://support.microsoft.com/help/5075943 11923 11924 5075943 5075943 https://support.microsoft.com/help/5075943 11923 11924 5075912 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075912 5073724 11929 11930 11931 Yes Security Update 10.0.19044.6937 https://support.microsoft.com/help/5075912 11929 11930 11931 5075912 5075912 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075912 5073724 12097 12098 12099 Yes Security Update 10.0.19045.6937 https://support.microsoft.com/help/5075912 12097 12098 12099 5075912 5075899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075899 5074109 12437 12436 Yes Security Update 10.0.26100.32370 https://support.microsoft.com/help/5075899 12437 12436 5075899 5075899 https://support.microsoft.com/help/5075899 12437 12436 5075942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075942 12437 12436 Yes Security Hotpatch Update 10.0.26100.32313 https://support.microsoft.com/help/5075942 12437 12436 5075942 5075942 https://support.microsoft.com/help/5075942 12437 12436 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5074109 20437 20438 Yes Security Update 10.0.26200.7840 https://support.microsoft.com/help/5077181 20437 20438 5077181 5077212 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077212 20437 20438 Yes Security Hotpatch Update 10.0.26200.7781 https://support.microsoft.com/help/5077212 20437 20438 5077212 5075941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075941 5073455 12242 12243 Yes Security Update 10.0.22631.6649 https://support.microsoft.com/help/5075941 12242 12243 5075941 5075897 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075897 5073450 12244 Yes Security Update 10.0.25398.2149 https://support.microsoft.com/help/5075897 12244 5075897 5075897 https://support.microsoft.com/help/5075897 12244 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5073379 12389 Yes Security Update 10.0.26100.7840 https://support.microsoft.com/help/5077181 12389 5077181 5077212 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077212 12389 12390 Yes Security Hotpatch Update 10.0.26100.7781 https://support.microsoft.com/help/5077212 12389 12390 5077212 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5074109 12390 Yes Security Update 10.0.26100.7840 https://support.microsoft.com/help/5077181 12390 5077181 5075999 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075999 10852 10853 10816 10855 Yes Security Update 10.0.14393.8868 https://support.microsoft.com/help/5075999 10852 10853 10816 10855 5075999 5075971 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075971 5073698 10378 10379 Yes Monthly Rollup 6.2.9200.25923 https://support.microsoft.com/help/5075971 10378 10379 5075971 5075970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075970 5073696 10483 10543 Yes Monthly Rollup 6.3.9600.23022 https://support.microsoft.com/help/5075970 10483 10543 5075970 5077179 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077179 20854 20853 Yes Security Update 10.0.28000.1575 https://support.microsoft.com/help/5077179 20854 20853 5077179 <a href="https://x.com/0patch">0patch vulnerability research team</a> with <a href="https://0patch.com/">0patch by ACROS Security</a> 1.0 2026-02-10T08:00:00 <p>Information published.</p> GitHub Copilot for Jetbrains Remote Code Execution Vulnerability <p>Improper neutralization of special elements used in a command ('command injection') in Github Copilot allows an unauthorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> Github Copilot Microsoft Yes CVE-2026-21516 Improper Neutralization of Special Elements used in a Command ('Command Injection') 20677 Remote Code Execution 20677 Important 20677 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20677 Release Notes https://plugins.jetbrains.com/plugin/17718-github-copilot--your-ai-pair-programmer/versions/stable 20677 Maybe Security Update 1.5.63 https://plugins.jetbrains.com/plugin/17718-github-copilot--your-ai-pair-programmer/versions/stable/933548 20677 Release Notes 7resp4ss and Guang Gong with 360 VRI 1.0 2026-02-10T08:00:00 <p>Information published.</p> Microsoft Outlook Spoofing Vulnerability <p>Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>Yes, the Preview Pane is an attack vector.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this spoofing vulnerability by using a specially crafted email to trigger an outbound NTLM authentication attempt to an attacker‑controlled server, resulting in credential disclosure.</p> <p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p> <p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p> Microsoft Office Outlook Microsoft Yes CVE-2026-21511 Deserialization of Untrusted Data 10950 11585 11573 11574 11762 11763 11951 11952 11953 11961 12420 12421 12440 10746 10747 Spoofing 10950 Spoofing 11585 Spoofing 11573 Spoofing 11574 Spoofing 11762 Spoofing 11763 Spoofing 11951 Spoofing 11952 Spoofing 11953 Spoofing 11961 Spoofing 12420 Spoofing 12421 Spoofing 12440 Spoofing 10746 Spoofing 10747 Important 10950 Important 11585 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 11961 Important 12420 Important 12421 Important 12440 Important 10746 Important 10747 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10950 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11585 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11573 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11574 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11762 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11763 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11951 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11952 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11953 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11961 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12420 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12421 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12440 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10746 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10747 5002841 https://www.microsoft.com/en-us/download/details.aspx?id=108550 5002828 10950 Maybe Security Update 16.0.5539.1002 https://support.microsoft.com/help/5002841 10950 5002841 5002840 https://www.microsoft.com/en-us/download/details.aspx?id=108553 5002827 10950 Maybe Security Update 16.0.5539.1002 https://support.microsoft.com/help/5002840 10950 5002840 5002834 https://www.microsoft.com/en-us/download/details.aspx?id=108549 5002825 11585 Maybe Security Update 16.0.10417.20097 https://support.microsoft.com/help/5002834 11585 5002834 5002836 https://www.microsoft.com/en-us/download/details.aspx?id=108552 5002823 11585 Maybe Security Update 16.0.10417.20097 https://support.microsoft.com/help/5002836 11585 5002836 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Maybe Security Update 16.106.26020821 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes 5002833 https://www.microsoft.com/en-us/download/details.aspx?id=108554 5002822 11961 Maybe Security Update 16.0.19127.20518 https://support.microsoft.com/help/5002833 11961 5002833 5002839 https://www.microsoft.com/en-us/download/details.aspx?id=108548 5002829 10746 10747 Maybe Security Update 16.0.5539.1002 https://support.microsoft.com/help/5002839 10746 10747 5002839 Office Product Group Security Team Anonymous 1.0 2026-02-10T08:00:00 <p>Information published.</p> 1.1 2026-02-11T08:00:00 <p>Acknowledgement added. This is an informational change only.</p> Windows Storage Elevation of Privilege Vulnerability <p>Improper authentication in Windows Storage allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Storage Microsoft Yes CVE-2026-21508 Improper Authentication Untrusted Search Path 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12244 12389 12390 12436 10852 10853 10816 10855 10378 10379 10483 10543 20854 20853 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Elevation of Privilege 20854 Elevation of Privilege 20853 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Important 20854 Important 20853 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 5075904 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075904 11568 11569 11571 11572 Yes Security Update 10.0.17763.8389 https://support.microsoft.com/help/5075904 11568 11569 11571 11572 5075904 5075906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075906 5073457 11923 11924 Yes Security Update 10.0.20348.4773 https://support.microsoft.com/help/5075906 11923 11924 5075906 5075906 https://support.microsoft.com/help/5075906 11923 11924 5075943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075943 11923 11924 Yes Security Hotpatch Update 10.0.20348.4711 https://support.microsoft.com/help/5075943 11923 11924 5075943 5075943 https://support.microsoft.com/help/5075943 11923 11924 5075912 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075912 5073724 11929 11930 11931 Yes Security Update 10.0.19044.6937 https://support.microsoft.com/help/5075912 11929 11930 11931 5075912 5075912 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075912 5073724 12097 12098 12099 Yes Security Update 10.0.19045.6937 https://support.microsoft.com/help/5075912 12097 12098 12099 5075912 5075899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075899 5074109 12437 12436 Yes Security Update 10.0.26100.32370 https://support.microsoft.com/help/5075899 12437 12436 5075899 5075899 https://support.microsoft.com/help/5075899 12437 12436 5075942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075942 12437 12436 Yes Security Hotpatch Update 10.0.26100.32313 https://support.microsoft.com/help/5075942 12437 12436 5075942 5075942 https://support.microsoft.com/help/5075942 12437 12436 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5074109 20437 20438 Yes Security Update 10.0.26200.7840 https://support.microsoft.com/help/5077181 20437 20438 5077181 5077212 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077212 20437 20438 Yes Security Hotpatch Update 10.0.26200.7781 https://support.microsoft.com/help/5077212 20437 20438 5077212 5075941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075941 5073455 12242 12243 Yes Security Update 10.0.22631.6649 https://support.microsoft.com/help/5075941 12242 12243 5075941 5075897 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075897 5073450 12244 Yes Security Update 10.0.25398.2149 https://support.microsoft.com/help/5075897 12244 5075897 5075897 https://support.microsoft.com/help/5075897 12244 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5073379 12389 Yes Security Update 10.0.26100.7840 https://support.microsoft.com/help/5077181 12389 5077181 5077212 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077212 12389 12390 Yes Security Hotpatch Update 10.0.26100.7781 https://support.microsoft.com/help/5077212 12389 12390 5077212 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5074109 12390 Yes Security Update 10.0.26100.7840 https://support.microsoft.com/help/5077181 12390 5077181 5075999 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075999 10852 10853 10816 10855 Yes Security Update 10.0.14393.8868 https://support.microsoft.com/help/5075999 10852 10853 10816 10855 5075999 5075971 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075971 5073698 10378 10379 Yes Monthly Rollup 6.2.9200.25923 https://support.microsoft.com/help/5075971 10378 10379 5075971 5075970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075970 5073696 10483 10543 Yes Monthly Rollup 6.3.9600.23022 https://support.microsoft.com/help/5075970 10483 10543 5075970 5077179 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077179 20854 20853 Yes Security Update 10.0.28000.1575 https://support.microsoft.com/help/5077179 20854 20853 5077179 <a href="https://www.linkedin.com/in/oscar-zanotti-campo-42435a399">0scar Zanotti Camp0</a> 1.0 2026-02-10T08:00:00 <p>Information published.</p> Microsoft Excel Information Disclosure Vulnerability <p>Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> Microsoft Office Excel Microsoft Yes CVE-2026-21261 Out-of-bounds Read 10836 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10739 10740 Information Disclosure 10836 Information Disclosure 11573 Information Disclosure 11574 Information Disclosure 11762 Information Disclosure 11763 Information Disclosure 11951 Information Disclosure 11952 Information Disclosure 11953 Information Disclosure 12420 Information Disclosure 12421 Information Disclosure 12440 Information Disclosure 10739 Information Disclosure 10740 Important 10836 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 10739 Important 10740 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10836 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11573 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11574 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11762 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11763 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11951 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11952 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11953 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12420 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12421 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12440 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10739 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10740 5002835 https://www.microsoft.com/en-us/download/details.aspx?id=108551 5002824 10836 Maybe Security Update 16.0.10417.20097 https://support.microsoft.com/help/5002835 10836 5002835 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Maybe Security Update 16.106.26020821 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes 5002837 https://www.microsoft.com/en-us/download/details.aspx?id=108555 5002831 10739 10740 Maybe Security Update 16.0.5539.1002 https://support.microsoft.com/help/5002837 10739 10740 5002837 0ccbbf129444eb66344ccafb92b00df4 1.0 2026-02-10T08:00:00 <p>Information published.</p> GitHub Copilot and Visual Studio Elevation of Privilege Vulnerability <p>Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an authorized attacker to elevate privileges over a network.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>The attacker would gain the rights of the user that is running the affected application.</p> GitHub Copilot and Visual Studio Microsoft Yes CVE-2026-21257 Improper Neutralization of Special Elements used in a Command ('Command Injection') 16767 20843 Elevation of Privilege 16767 Elevation of Privilege 20843 Important 16767 Important 20843 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 16767 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20843 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.14 16767 Maybe Security Update 17.14.26 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 16767 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2026 version 18.3 20843 Maybe Security Update 18.3.0 https://learn.microsoft.com/en-us/visualstudio/releases/2026/release-notes 20843 Release Notes <a href="https://www.linkedin.com/in/tarek-nakkouch/">Tarek Nakkouch</a> 1.1 2026-03-13T07:00:00 <p>Changes made to the security updates links and information. This is an informational change only.</p> 1.0 2026-02-10T08:00:00 <p>Information published.</p> GitHub Copilot and Visual Studio Remote Code Execution Vulnerability <p>Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>The AV:N rating indicates the vulnerability is exploitable over the network, meaning an attacker can deliver a malicious prompt remotely without prior access, while UI:R means a user must interact with Copilot for exploitation to occur. Due to prompt injection, the system is coerced into executing attacker-controlled instructions, which can escalate into remote code execution (RCE) when the compromised prompt causes backend components or integrated tools to run unintended commands.</p> GitHub Copilot and Visual Studio Microsoft Yes CVE-2026-21256 Improper Neutralization of Special Elements used in a Command ('Command Injection') Improper Control of Generation of Code ('Code Injection') 16767 20843 Remote Code Execution 16767 Remote Code Execution 20843 Important 16767 Important 20843 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 16767 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20843 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.14 16767 Maybe Security Update 17.14.26 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 16767 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2026 version 18.3 20843 Maybe Security Update 18.3.0 https://learn.microsoft.com/en-us/visualstudio/releases/2026/release-notes 20843 Release Notes <a href="https://www.linkedin.com/in/tarek-nakkouch/">Nakkouch Tarek</a> 1.1 2026-02-11T08:00:00 <p>Changes made to the security updates links and information. This is an informational change only.</p> 1.2 2026-03-13T07:00:00 <p>Changes made to the security updates links and information. This is an informational change only.</p> 1.0 2026-02-10T08:00:00 <p>Information published.</p> Windows Hyper-V Security Feature Bypass Vulnerability <p>Improper access control in Windows Hyper-V allows an authorized attacker to bypass a security feature locally.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass the <a href="https://learn.microsoft.com/windows-hardware/design/device-experiences/oem-vbs">Virtualization-based Security</a> feature.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>Exploitation requires an attacker who already has local execution on a VBS‑enabled guest VM to run a specially crafted application or driver that abuses the hypervisor’s overlay handling to bypass VBS/VTL protections and compromise kernel integrity.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.</p> Role: Windows Hyper-V Microsoft Yes CVE-2026-21255 Improper Access Control 20854 20853 11569 11571 11572 11923 11924 11931 12097 12437 20437 20438 12242 12243 12244 12389 12390 12436 10853 10816 10855 Security Feature Bypass 20854 Security Feature Bypass 20853 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11931 Security Feature Bypass 12097 Security Feature Bypass 12437 Security Feature Bypass 20437 Security Feature Bypass 20438 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 12389 Security Feature Bypass 12390 Security Feature Bypass 12436 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Important 20854 Important 20853 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11931 Important 12097 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5077179 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077179 20854 20853 Yes Security Update 10.0.28000.1575 https://support.microsoft.com/help/5077179 20854 20853 5077179 5075904 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075904 11569 11571 11572 Yes Security Update 10.0.17763.8389 https://support.microsoft.com/help/5075904 11569 11571 11572 5075904 5075906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075906 5073457 11923 11924 Yes Security Update 10.0.20348.4773 https://support.microsoft.com/help/5075906 11923 11924 5075906 5075906 https://support.microsoft.com/help/5075906 11923 11924 5075943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075943 11923 11924 Yes Security Hotpatch Update 10.0.20348.4711 https://support.microsoft.com/help/5075943 11923 11924 5075943 5075943 https://support.microsoft.com/help/5075943 11923 11924 5075912 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075912 5073724 11931 Yes Security Update 10.0.19044.6937 https://support.microsoft.com/help/5075912 11931 5075912 5075912 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075912 5073724 12097 Yes Security Update 10.0.19045.6937 https://support.microsoft.com/help/5075912 12097 5075912 5075899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075899 5074109 12437 12436 Yes Security Update 10.0.26100.32370 https://support.microsoft.com/help/5075899 12437 12436 5075899 5075899 https://support.microsoft.com/help/5075899 12437 12436 5075942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075942 12437 12436 Yes Security Hotpatch Update 10.0.26100.32313 https://support.microsoft.com/help/5075942 12437 12436 5075942 5075942 https://support.microsoft.com/help/5075942 12437 12436 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5074109 20437 20438 Yes Security Update 10.0.26200.7840 https://support.microsoft.com/help/5077181 20437 20438 5077181 5077212 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077212 20437 20438 Yes Security Hotpatch Update 10.0.26200.7781 https://support.microsoft.com/help/5077212 20437 20438 5077212 5075941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075941 5073455 12242 12243 Yes Security Update 10.0.22631.6649 https://support.microsoft.com/help/5075941 12242 12243 5075941 5075897 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075897 5073450 12244 Yes Security Update 10.0.25398.2149 https://support.microsoft.com/help/5075897 12244 5075897 5075897 https://support.microsoft.com/help/5075897 12244 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5073379 12389 Yes Security Update 10.0.26100.7840 https://support.microsoft.com/help/5077181 12389 5077181 5077212 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077212 12389 12390 Yes Security Hotpatch Update 10.0.26100.7781 https://support.microsoft.com/help/5077212 12389 12390 5077212 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5074109 12390 Yes Security Update 10.0.26100.7840 https://support.microsoft.com/help/5077181 12390 5077181 5075999 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075999 10853 10816 10855 Yes Security Update 10.0.14393.8868 https://support.microsoft.com/help/5075999 10853 10816 10855 5075999 Sai Ganesh Ramachandran with Microsoft 1.0 2026-02-10T08:00:00 <p>Information published.</p> 1.1 2026-02-10T08:00:00 <p>The FAQs have been updated for this CVE</p> Mailslot File System Elevation of Privilege Vulnerability <p>Use after free in Mailslot File System allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Mailslot File System Microsoft Yes CVE-2026-21253 Use After Free 20854 20853 11923 11930 11931 11569 11929 12097 12098 12099 12437 20437 20438 12242 12243 12244 12389 12390 12436 10816 10853 10852 10855 10379 10483 10378 10543 11924 11568 11571 11572 Elevation of Privilege 20854 Elevation of Privilege 20853 Elevation of Privilege 11923 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 11569 Elevation of Privilege 11929 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10816 Elevation of Privilege 10853 Elevation of Privilege 10852 Elevation of Privilege 10855 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10378 Elevation of Privilege 10543 Elevation of Privilege 11924 Elevation of Privilege 11568 Elevation of Privilege 11571 Elevation of Privilege 11572 Important 20854 Important 20853 Important 11923 Important 11930 Important 11931 Important 11569 Important 11929 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10816 Important 10853 Important 10852 Important 10855 Important 10379 Important 10483 Important 10378 Important 10543 Important 11924 Important 11568 Important 11571 Important 11572 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 5077179 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077179 20854 20853 Yes Security Update 10.0.28000.1575 https://support.microsoft.com/help/5077179 20854 20853 5077179 5075906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075906 5073457 11923 11924 Yes Security Update 10.0.20348.4773 https://support.microsoft.com/help/5075906 11923 11924 5075906 5075906 https://support.microsoft.com/help/5075906 11923 11924 5075943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075943 11923 11924 Yes Security Hotpatch Update 10.0.20348.4711 https://support.microsoft.com/help/5075943 11923 11924 5075943 5075943 https://support.microsoft.com/help/5075943 11923 11924 5075912 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075912 5073724 11930 11931 11929 Yes Security Update 10.0.19044.6937 https://support.microsoft.com/help/5075912 11930 11931 11929 5075912 5075904 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075904 11569 11568 11571 11572 Yes Security Update 10.0.17763.8389 https://support.microsoft.com/help/5075904 11569 11568 11571 11572 5075904 5075912 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075912 5073724 12097 12098 12099 Yes Security Update 10.0.19045.6937 https://support.microsoft.com/help/5075912 12097 12098 12099 5075912 5075899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075899 5074109 12437 12436 Yes Security Update 10.0.26100.32370 https://support.microsoft.com/help/5075899 12437 12436 5075899 5075899 https://support.microsoft.com/help/5075899 12437 12436 5075942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075942 12437 12436 Yes Security Hotpatch Update 10.0.26100.32313 https://support.microsoft.com/help/5075942 12437 12436 5075942 5075942 https://support.microsoft.com/help/5075942 12437 12436 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5074109 20437 20438 Yes Security Update 10.0.26200.7840 https://support.microsoft.com/help/5077181 20437 20438 5077181 5077212 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077212 20437 20438 Yes Security Hotpatch Update 10.0.26200.7781 https://support.microsoft.com/help/5077212 20437 20438 5077212 5075941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075941 5073455 12242 12243 Yes Security Update 10.0.22631.6649 https://support.microsoft.com/help/5075941 12242 12243 5075941 5075897 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075897 5073450 12244 Yes Security Update 10.0.25398.2149 https://support.microsoft.com/help/5075897 12244 5075897 5075897 https://support.microsoft.com/help/5075897 12244 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5073379 12389 Yes Security Update 10.0.26100.7840 https://support.microsoft.com/help/5077181 12389 5077181 5077212 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077212 12389 12390 Yes Security Hotpatch Update 10.0.26100.7781 https://support.microsoft.com/help/5077212 12389 12390 5077212 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5074109 12390 Yes Security Update 10.0.26100.7840 https://support.microsoft.com/help/5077181 12390 5077181 5075999 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075999 10816 10853 10852 10855 Yes Security Update 10.0.14393.8868 https://support.microsoft.com/help/5075999 10816 10853 10852 10855 5075999 5075971 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075971 5073698 10379 10378 Yes Monthly Rollup 6.2.9200.25923 https://support.microsoft.com/help/5075971 10379 10378 5075971 5075970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075970 5073696 10483 10543 Yes Monthly Rollup 6.3.9600.23022 https://support.microsoft.com/help/5075970 10483 10543 5075970 Anonymous 1.0 2026-02-10T08:00:00 <p>Information published.</p> Red Hat, Inc. CVE-2023-2804: Heap Based Overflow libjpeg-turbo <p>A heap‑based buffer overflow exists in libjpeg‑turbo’s h2v2_merged_upsample_internal() function when processing 12‑bit lossless JPEG images. An attacker could craft an image containing out‑of‑range 12‑bit samples that, when decompressed with merged upsampling enabled, may trigger a segmentation fault or buffer overflow, resulting in an application crash.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated attacker could exploit the vulnerability by uploading a malicious TIFF file to a server.</p> <p><strong>Why is Microsoft addressing CVE‑2023‑2804, a vulnerability originally reported by Red Hat?</strong></p> <p>Microsoft uses the open‑source libjpeg‑turbo component inside certain Windows imaging components. The vulnerability was fixed upstream in libjpeg‑turbo 3.0.2 (<a href="http://https://github.com/libjpeg-turbo/libjpeg-turbo/releases/tag/3.0.2">3.0.2 release notes</a>), so Microsoft updated our internal copy accordingly. Customers do not need to take action—this fix is delivered through Microsoft servicing.</p> <p><strong>What version contains the fix?</strong> Microsoft integrated the upstream fix from libjpeg‑turbo 3.0.2, and later builds may include the newer 3.1.3 upstream version (latest release). Customers receive the corrected version automatically through Windows updates.</p> Windows Win32K - GRFX Red Hat, Inc. Yes CVE-2023-2804 Heap-based Buffer Overflow 12244 Remote Code Execution 12244 Important 12244 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 5075897 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075897 5073450 12244 Yes Security Update 10.0.25398.2149 https://support.microsoft.com/help/5075897 12244 5075897 5075897 https://support.microsoft.com/help/5075897 12244 Hussein Alrubaye with Microsoft 1.0 2026-02-10T08:00:00 <p>Information published.</p> Cluster Client Failover (CCF) Elevation of Privilege Vulnerability <p>Use after free in Windows Cluster Client Failover allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Cluster Client Failover Microsoft Yes CVE-2026-21251 Use After Free 11571 11572 11923 11924 12437 12244 12436 10816 10855 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 12437 Elevation of Privilege 12244 Elevation of Privilege 12436 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5075904 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075904 11571 11572 Yes Security Update 10.0.17763.8389 https://support.microsoft.com/help/5075904 11571 11572 5075904 5075906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075906 5073457 11923 11924 Yes Security Update 10.0.20348.4773 https://support.microsoft.com/help/5075906 11923 11924 5075906 5075906 https://support.microsoft.com/help/5075906 11923 11924 5075943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075943 11923 11924 Yes Security Hotpatch Update 10.0.20348.4711 https://support.microsoft.com/help/5075943 11923 11924 5075943 5075943 https://support.microsoft.com/help/5075943 11923 11924 5075899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075899 5074109 12437 12436 Yes Security Update 10.0.26100.32370 https://support.microsoft.com/help/5075899 12437 12436 5075899 5075899 https://support.microsoft.com/help/5075899 12437 12436 5075942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075942 12437 12436 Yes Security Hotpatch Update 10.0.26100.32313 https://support.microsoft.com/help/5075942 12437 12436 5075942 5075942 https://support.microsoft.com/help/5075942 12437 12436 5075897 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075897 5073450 12244 Yes Security Update 10.0.25398.2149 https://support.microsoft.com/help/5075897 12244 5075897 5075897 https://support.microsoft.com/help/5075897 12244 5075999 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075999 10816 10855 Yes Security Update 10.0.14393.8868 https://support.microsoft.com/help/5075999 10816 10855 5075999 ChenJian with Sea Security Orca Team 1.0 2026-02-10T08:00:00 <p>Information published.</p> Windows HTTP.sys Elevation of Privilege Vulnerability <p>Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows HTTP.sys Microsoft Yes CVE-2026-21250 Untrusted Pointer Dereference 12437 20437 20438 12244 12389 12390 12436 20854 20853 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 20854 Elevation of Privilege 20853 Important 12437 Important 20437 Important 20438 Important 12244 Important 12389 Important 12390 Important 12436 Important 20854 Important 20853 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 5075899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075899 5074109 12437 12436 Yes Security Update 10.0.26100.32370 https://support.microsoft.com/help/5075899 12437 12436 5075899 5075899 https://support.microsoft.com/help/5075899 12437 12436 5075942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075942 12437 12436 Yes Security Hotpatch Update 10.0.26100.32313 https://support.microsoft.com/help/5075942 12437 12436 5075942 5075942 https://support.microsoft.com/help/5075942 12437 12436 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5074109 20437 20438 Yes Security Update 10.0.26200.7840 https://support.microsoft.com/help/5077181 20437 20438 5077181 5077212 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077212 20437 20438 Yes Security Hotpatch Update 10.0.26200.7781 https://support.microsoft.com/help/5077212 20437 20438 5077212 5075897 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075897 5073450 12244 Yes Security Update 10.0.25398.2149 https://support.microsoft.com/help/5075897 12244 5075897 5075897 https://support.microsoft.com/help/5075897 12244 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5073379 12389 Yes Security Update 10.0.26100.7840 https://support.microsoft.com/help/5077181 12389 5077181 5077212 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077212 12389 12390 Yes Security Hotpatch Update 10.0.26100.7781 https://support.microsoft.com/help/5077212 12389 12390 5077212 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5074109 12390 Yes Security Update 10.0.26100.7840 https://support.microsoft.com/help/5077181 12390 5077181 5077179 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077179 20854 20853 Yes Security Update 10.0.28000.1575 https://support.microsoft.com/help/5077179 20854 20853 5077179 Anonymous Matthew Cox with Microsoft 1.0 2026-02-10T08:00:00 <p>Information published.</p> Windows NTLM Spoofing Vulnerability <p>External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing locally.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L),but lead to no loss of availability (A:N) and integrity (I:N)? What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).</p> Windows NTLM Microsoft Yes CVE-2026-21249 External Control of File Name or Path 20854 20853 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12244 12389 12390 12436 10852 10853 10816 10855 10483 10543 Spoofing 20854 Spoofing 20853 Spoofing 11568 Spoofing 11569 Spoofing 11571 Spoofing 11572 Spoofing 11923 Spoofing 11924 Spoofing 11929 Spoofing 11930 Spoofing 11931 Spoofing 12097 Spoofing 12098 Spoofing 12099 Spoofing 12437 Spoofing 20437 Spoofing 20438 Spoofing 12242 Spoofing 12243 Spoofing 12244 Spoofing 12389 Spoofing 12390 Spoofing 12436 Spoofing 10852 Spoofing 10853 Spoofing 10816 Spoofing 10855 Spoofing 10483 Spoofing 10543 Important 20854 Important 20853 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10852 Important 10853 Important 10816 Important 10855 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 20854 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 20853 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11568 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11569 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11571 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11572 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11923 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11924 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11929 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11930 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11931 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12097 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12098 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12099 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12437 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 20437 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 20438 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12242 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12243 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12244 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12389 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12390 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12436 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10852 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10853 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10816 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10855 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10483 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10543 5077179 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077179 20854 20853 Yes Security Update 10.0.28000.1575 https://support.microsoft.com/help/5077179 20854 20853 5077179 5075904 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075904 11568 11569 11571 11572 Yes Security Update 10.0.17763.8389 https://support.microsoft.com/help/5075904 11568 11569 11571 11572 5075904 5075906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075906 5073457 11923 11924 Yes Security Update 10.0.20348.4773 https://support.microsoft.com/help/5075906 11923 11924 5075906 5075906 https://support.microsoft.com/help/5075906 11923 11924 5075943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075943 11923 11924 Yes Security Hotpatch Update 10.0.20348.4711 https://support.microsoft.com/help/5075943 11923 11924 5075943 5075943 https://support.microsoft.com/help/5075943 11923 11924 5075912 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075912 5073724 11929 11930 11931 Yes Security Update 10.0.19044.6937 https://support.microsoft.com/help/5075912 11929 11930 11931 5075912 5075912 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075912 5073724 12097 12098 12099 Yes Security Update 10.0.19045.6937 https://support.microsoft.com/help/5075912 12097 12098 12099 5075912 5075899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075899 5074109 12437 12436 Yes Security Update 10.0.26100.32370 https://support.microsoft.com/help/5075899 12437 12436 5075899 5075899 https://support.microsoft.com/help/5075899 12437 12436 5075942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075942 12437 12436 Yes Security Hotpatch Update 10.0.26100.32313 https://support.microsoft.com/help/5075942 12437 12436 5075942 5075942 https://support.microsoft.com/help/5075942 12437 12436 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5074109 20437 20438 Yes Security Update 10.0.26200.7840 https://support.microsoft.com/help/5077181 20437 20438 5077181 5077212 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077212 20437 20438 Yes Security Hotpatch Update 10.0.26200.7781 https://support.microsoft.com/help/5077212 20437 20438 5077212 5075941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075941 5073455 12242 12243 Yes Security Update 10.0.22631.6649 https://support.microsoft.com/help/5075941 12242 12243 5075941 5075897 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075897 5073450 12244 Yes Security Update 10.0.25398.2149 https://support.microsoft.com/help/5075897 12244 5075897 5075897 https://support.microsoft.com/help/5075897 12244 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5073379 12389 Yes Security Update 10.0.26100.7840 https://support.microsoft.com/help/5077181 12389 5077181 5077212 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077212 12389 12390 Yes Security Hotpatch Update 10.0.26100.7781 https://support.microsoft.com/help/5077212 12389 12390 5077212 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5074109 12390 Yes Security Update 10.0.26100.7840 https://support.microsoft.com/help/5077181 12390 5077181 5075999 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075999 10852 10853 10816 10855 Yes Security Update 10.0.14393.8868 https://support.microsoft.com/help/5075999 10852 10853 10816 10855 5075999 5075970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075970 5073696 10483 10543 Yes Monthly Rollup 6.3.9600.23022 https://support.microsoft.com/help/5075970 10483 10543 5075970 <a href="https://x.com/dez_">Joe Desimone</a> with Elastic Security Jonathan Lein of TrendAI Research Jonathan Lein of TrendAI Research 1.0 2026-02-10T08:00:00 <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability <p>Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Kernel Microsoft Yes CVE-2026-21245 Heap-based Buffer Overflow 12437 20437 20438 12389 12390 12436 20854 20853 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 20854 Elevation of Privilege 20853 Important 12437 Important 20437 Important 20438 Important 12389 Important 12390 Important 12436 Important 20854 Important 20853 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 5075899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075899 5074109 12437 12436 Yes Security Update 10.0.26100.32370 https://support.microsoft.com/help/5075899 12437 12436 5075899 5075899 https://support.microsoft.com/help/5075899 12437 12436 5075942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075942 12437 12436 Yes Security Hotpatch Update 10.0.26100.32313 https://support.microsoft.com/help/5075942 12437 12436 5075942 5075942 https://support.microsoft.com/help/5075942 12437 12436 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5074109 20437 20438 Yes Security Update 10.0.26200.7840 https://support.microsoft.com/help/5077181 20437 20438 5077181 5077212 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077212 20437 20438 Yes Security Hotpatch Update 10.0.26200.7781 https://support.microsoft.com/help/5077212 20437 20438 5077212 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5073379 12389 Yes Security Update 10.0.26100.7840 https://support.microsoft.com/help/5077181 12389 5077181 5077212 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077212 12389 12390 Yes Security Hotpatch Update 10.0.26100.7781 https://support.microsoft.com/help/5077212 12389 12390 5077212 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5074109 12390 Yes Security Update 10.0.26100.7840 https://support.microsoft.com/help/5077181 12390 5077181 5077179 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077179 20854 20853 Yes Security Update 10.0.28000.1575 https://support.microsoft.com/help/5077179 20854 20853 5077179 Pedro Miguel Justo Teixeira 1.0 2026-02-10T08:00:00 <p>Information published.</p> 1.1 2026-02-10T08:00:00 <p>Acknowledgement Updated</p> Windows Hyper-V Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?</strong></p> <p>The file must be stored in a location that allows an attacker write access, enabling the file to be corrupted. An attacker must send a user a crafted file and convince them to load it.</p> Role: Windows Hyper-V Microsoft Yes CVE-2026-21244 Heap-based Buffer Overflow 20854 20853 11569 11571 11572 11923 11924 11931 12097 12437 20437 20438 12242 12243 12244 12389 12390 12436 10853 10816 10855 Remote Code Execution 20854 Remote Code Execution 20853 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11931 Remote Code Execution 12097 Remote Code Execution 12437 Remote Code Execution 20437 Remote Code Execution 20438 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Important 20854 Important 20853 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11931 Important 12097 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5077179 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077179 20854 20853 Yes Security Update 10.0.28000.1575 https://support.microsoft.com/help/5077179 20854 20853 5077179 5075904 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075904 11569 11571 11572 Yes Security Update 10.0.17763.8389 https://support.microsoft.com/help/5075904 11569 11571 11572 5075904 5075906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075906 5073457 11923 11924 Yes Security Update 10.0.20348.4773 https://support.microsoft.com/help/5075906 11923 11924 5075906 5075906 https://support.microsoft.com/help/5075906 11923 11924 5075943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075943 11923 11924 Yes Security Hotpatch Update 10.0.20348.4711 https://support.microsoft.com/help/5075943 11923 11924 5075943 5075943 https://support.microsoft.com/help/5075943 11923 11924 5075912 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075912 5073724 11931 Yes Security Update 10.0.19044.6937 https://support.microsoft.com/help/5075912 11931 5075912 5075912 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075912 5073724 12097 Yes Security Update 10.0.19045.6937 https://support.microsoft.com/help/5075912 12097 5075912 5075899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075899 5074109 12437 12436 Yes Security Update 10.0.26100.32370 https://support.microsoft.com/help/5075899 12437 12436 5075899 5075899 https://support.microsoft.com/help/5075899 12437 12436 5075942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075942 12437 12436 Yes Security Hotpatch Update 10.0.26100.32313 https://support.microsoft.com/help/5075942 12437 12436 5075942 5075942 https://support.microsoft.com/help/5075942 12437 12436 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5074109 20437 20438 Yes Security Update 10.0.26200.7840 https://support.microsoft.com/help/5077181 20437 20438 5077181 5077212 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077212 20437 20438 Yes Security Hotpatch Update 10.0.26200.7781 https://support.microsoft.com/help/5077212 20437 20438 5077212 5075941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075941 5073455 12242 12243 Yes Security Update 10.0.22631.6649 https://support.microsoft.com/help/5075941 12242 12243 5075941 5075897 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075897 5073450 12244 Yes Security Update 10.0.25398.2149 https://support.microsoft.com/help/5075897 12244 5075897 5075897 https://support.microsoft.com/help/5075897 12244 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5073379 12389 Yes Security Update 10.0.26100.7840 https://support.microsoft.com/help/5077181 12389 5077181 5077212 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077212 12389 12390 Yes Security Hotpatch Update 10.0.26100.7781 https://support.microsoft.com/help/5077212 12389 12390 5077212 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5074109 12390 Yes Security Update 10.0.26100.7840 https://support.microsoft.com/help/5077181 12390 5077181 5075999 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075999 10853 10816 10855 Yes Security Update 10.0.14393.8868 https://support.microsoft.com/help/5075999 10853 10816 10855 5075999 cyanbamboo and b2ahex 1.0 2026-02-10T08:00:00 <p>Information published.</p> Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability <p>Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.</p> Windows LDAP - Lightweight Directory Access Protocol Microsoft Yes CVE-2026-21243 NULL Pointer Dereference 11571 11572 11923 11924 12437 12244 12436 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 12437 Denial of Service 12244 Denial of Service 12436 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 5075904 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075904 11571 11572 Yes Security Update 10.0.17763.8389 https://support.microsoft.com/help/5075904 11571 11572 5075904 5075906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075906 5073457 11923 11924 Yes Security Update 10.0.20348.4773 https://support.microsoft.com/help/5075906 11923 11924 5075906 5075906 https://support.microsoft.com/help/5075906 11923 11924 5075943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075943 11923 11924 Yes Security Hotpatch Update 10.0.20348.4711 https://support.microsoft.com/help/5075943 11923 11924 5075943 5075943 https://support.microsoft.com/help/5075943 11923 11924 5075899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075899 5074109 12437 12436 Yes Security Update 10.0.26100.32370 https://support.microsoft.com/help/5075899 12437 12436 5075899 5075899 https://support.microsoft.com/help/5075899 12437 12436 5075942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075942 12437 12436 Yes Security Hotpatch Update 10.0.26100.32313 https://support.microsoft.com/help/5075942 12437 12436 5075942 5075942 https://support.microsoft.com/help/5075942 12437 12436 5075897 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075897 5073450 12244 Yes Security Update 10.0.25398.2149 https://support.microsoft.com/help/5075897 12244 5075897 5075897 https://support.microsoft.com/help/5075897 12244 MORSE (Microsoft Offensive Research and Security Engineering) 1.0 2026-02-10T08:00:00 <p>Information published.</p> Windows HTTP.sys Elevation of Privilege Vulnerability <p>Time-of-check time-of-use (toctou) race condition in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows HTTP.sys Microsoft Yes CVE-2026-21240 Time-of-check Time-of-use (TOCTOU) Race Condition 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12244 12389 12390 12436 20854 20853 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 20854 Elevation of Privilege 20853 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 20854 Important 20853 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 5075904 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075904 11568 11569 11571 11572 Yes Security Update 10.0.17763.8389 https://support.microsoft.com/help/5075904 11568 11569 11571 11572 5075904 5075906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075906 5073457 11923 11924 Yes Security Update 10.0.20348.4773 https://support.microsoft.com/help/5075906 11923 11924 5075906 5075906 https://support.microsoft.com/help/5075906 11923 11924 5075943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075943 11923 11924 Yes Security Hotpatch Update 10.0.20348.4711 https://support.microsoft.com/help/5075943 11923 11924 5075943 5075943 https://support.microsoft.com/help/5075943 11923 11924 5075912 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075912 5073724 11929 11930 11931 Yes Security Update 10.0.19044.6937 https://support.microsoft.com/help/5075912 11929 11930 11931 5075912 5075912 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075912 5073724 12097 12098 12099 Yes Security Update 10.0.19045.6937 https://support.microsoft.com/help/5075912 12097 12098 12099 5075912 5075899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075899 5074109 12437 12436 Yes Security Update 10.0.26100.32370 https://support.microsoft.com/help/5075899 12437 12436 5075899 5075899 https://support.microsoft.com/help/5075899 12437 12436 5075942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075942 12437 12436 Yes Security Hotpatch Update 10.0.26100.32313 https://support.microsoft.com/help/5075942 12437 12436 5075942 5075942 https://support.microsoft.com/help/5075942 12437 12436 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5074109 20437 20438 Yes Security Update 10.0.26200.7840 https://support.microsoft.com/help/5077181 20437 20438 5077181 5077212 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077212 20437 20438 Yes Security Hotpatch Update 10.0.26200.7781 https://support.microsoft.com/help/5077212 20437 20438 5077212 5075941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075941 5073455 12242 12243 Yes Security Update 10.0.22631.6649 https://support.microsoft.com/help/5075941 12242 12243 5075941 5075897 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075897 5073450 12244 Yes Security Update 10.0.25398.2149 https://support.microsoft.com/help/5075897 12244 5075897 5075897 https://support.microsoft.com/help/5075897 12244 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5073379 12389 Yes Security Update 10.0.26100.7840 https://support.microsoft.com/help/5077181 12389 5077181 5077212 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077212 12389 12390 Yes Security Hotpatch Update 10.0.26100.7781 https://support.microsoft.com/help/5077212 12389 12390 5077212 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5074109 12390 Yes Security Update 10.0.26100.7840 https://support.microsoft.com/help/5077181 12390 5077181 5077179 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077179 20854 20853 Yes Security Update 10.0.28000.1575 https://support.microsoft.com/help/5077179 20854 20853 5077179 Matthew Cox with Microsoft 1.0 2026-02-10T08:00:00 <p>Information published.</p> Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability <p>Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>For an attacker to exploit this vulnerability, they would need to have knowledge of a specific operation that triggers a memory allocation failure, specifically a use after free.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Ancillary Function Driver for WinSock Microsoft Yes CVE-2026-21241 Use After Free 20854 20853 11923 11924 12437 20437 20438 12242 12243 12244 12389 12390 12436 Elevation of Privilege 20854 Elevation of Privilege 20853 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 20854 Important 20853 Important 11923 Important 11924 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5077179 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077179 20854 20853 Yes Security Update 10.0.28000.1575 https://support.microsoft.com/help/5077179 20854 20853 5077179 5075906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075906 5073457 11923 11924 Yes Security Update 10.0.20348.4773 https://support.microsoft.com/help/5075906 11923 11924 5075906 5075906 https://support.microsoft.com/help/5075906 11923 11924 5075943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075943 11923 11924 Yes Security Hotpatch Update 10.0.20348.4711 https://support.microsoft.com/help/5075943 11923 11924 5075943 5075943 https://support.microsoft.com/help/5075943 11923 11924 5075899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075899 5074109 12437 12436 Yes Security Update 10.0.26100.32370 https://support.microsoft.com/help/5075899 12437 12436 5075899 5075899 https://support.microsoft.com/help/5075899 12437 12436 5075942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075942 12437 12436 Yes Security Hotpatch Update 10.0.26100.32313 https://support.microsoft.com/help/5075942 12437 12436 5075942 5075942 https://support.microsoft.com/help/5075942 12437 12436 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5074109 20437 20438 Yes Security Update 10.0.26200.7840 https://support.microsoft.com/help/5077181 20437 20438 5077181 5077212 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077212 20437 20438 Yes Security Hotpatch Update 10.0.26200.7781 https://support.microsoft.com/help/5077212 20437 20438 5077212 5075941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075941 5073455 12242 12243 Yes Security Update 10.0.22631.6649 https://support.microsoft.com/help/5075941 12242 12243 5075941 5075897 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075897 5073450 12244 Yes Security Update 10.0.25398.2149 https://support.microsoft.com/help/5075897 12244 5075897 5075897 https://support.microsoft.com/help/5075897 12244 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5073379 12389 Yes Security Update 10.0.26100.7840 https://support.microsoft.com/help/5077181 12389 5077181 5077212 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077212 12389 12390 Yes Security Hotpatch Update 10.0.26100.7781 https://support.microsoft.com/help/5077212 12389 12390 5077212 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5074109 12390 Yes Security Update 10.0.26100.7840 https://support.microsoft.com/help/5077181 12390 5077181 <a href="https://x.com/dark_puzzle">Souhail Hammou</a> 1.0 2026-02-10T08:00:00 <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability <p>Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Kernel Microsoft Yes CVE-2026-21239 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12244 12389 12390 12436 10852 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5075904 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075904 11568 11569 11571 11572 Yes Security Update 10.0.17763.8389 https://support.microsoft.com/help/5075904 11568 11569 11571 11572 5075904 5075906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075906 5073457 11923 11924 Yes Security Update 10.0.20348.4773 https://support.microsoft.com/help/5075906 11923 11924 5075906 5075906 https://support.microsoft.com/help/5075906 11923 11924 5075943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075943 11923 11924 Yes Security Hotpatch Update 10.0.20348.4711 https://support.microsoft.com/help/5075943 11923 11924 5075943 5075943 https://support.microsoft.com/help/5075943 11923 11924 5075912 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075912 5073724 11929 11930 11931 Yes Security Update 10.0.19044.6937 https://support.microsoft.com/help/5075912 11929 11930 11931 5075912 5075912 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075912 5073724 12097 12098 12099 Yes Security Update 10.0.19045.6937 https://support.microsoft.com/help/5075912 12097 12098 12099 5075912 5075899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075899 5074109 12437 12436 Yes Security Update 10.0.26100.32370 https://support.microsoft.com/help/5075899 12437 12436 5075899 5075899 https://support.microsoft.com/help/5075899 12437 12436 5075942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075942 12437 12436 Yes Security Hotpatch Update 10.0.26100.32313 https://support.microsoft.com/help/5075942 12437 12436 5075942 5075942 https://support.microsoft.com/help/5075942 12437 12436 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5074109 20437 20438 Yes Security Update 10.0.26200.7840 https://support.microsoft.com/help/5077181 20437 20438 5077181 5077212 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077212 20437 20438 Yes Security Hotpatch Update 10.0.26200.7781 https://support.microsoft.com/help/5077212 20437 20438 5077212 5075941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075941 5073455 12242 12243 Yes Security Update 10.0.22631.6649 https://support.microsoft.com/help/5075941 12242 12243 5075941 5075897 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075897 5073450 12244 Yes Security Update 10.0.25398.2149 https://support.microsoft.com/help/5075897 12244 5075897 5075897 https://support.microsoft.com/help/5075897 12244 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5073379 12389 Yes Security Update 10.0.26100.7840 https://support.microsoft.com/help/5077181 12389 5077181 5077212 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077212 12389 12390 Yes Security Hotpatch Update 10.0.26100.7781 https://support.microsoft.com/help/5077212 12389 12390 5077212 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5074109 12390 Yes Security Update 10.0.26100.7840 https://support.microsoft.com/help/5077181 12390 5077181 5075999 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075999 10852 10853 10816 10855 Yes Security Update 10.0.14393.8868 https://support.microsoft.com/help/5075999 10852 10853 10816 10855 5075999 5075971 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075971 5073698 10378 10379 Yes Monthly Rollup 6.2.9200.25923 https://support.microsoft.com/help/5075971 10378 10379 5075971 5075970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075970 5073696 10483 10543 Yes Monthly Rollup 6.3.9600.23022 https://support.microsoft.com/help/5075970 10483 10543 5075970 Anonymous 1.0 2026-02-10T08:00:00 <p>Information published.</p> Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability <p>Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Ancillary Function Driver for WinSock Microsoft Yes CVE-2026-21238 Improper Access Control 20854 20853 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12244 12389 12390 12436 10852 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 20854 Elevation of Privilege 20853 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 20854 Important 20853 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5077179 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077179 20854 20853 Yes Security Update 10.0.28000.1575 https://support.microsoft.com/help/5077179 20854 20853 5077179 5075904 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075904 11568 11569 11571 11572 Yes Security Update 10.0.17763.8389 https://support.microsoft.com/help/5075904 11568 11569 11571 11572 5075904 5075906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075906 5073457 11923 11924 Yes Security Update 10.0.20348.4773 https://support.microsoft.com/help/5075906 11923 11924 5075906 5075906 https://support.microsoft.com/help/5075906 11923 11924 5075943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075943 11923 11924 Yes Security Hotpatch Update 10.0.20348.4711 https://support.microsoft.com/help/5075943 11923 11924 5075943 5075943 https://support.microsoft.com/help/5075943 11923 11924 5075912 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075912 5073724 11929 11930 11931 Yes Security Update 10.0.19044.6937 https://support.microsoft.com/help/5075912 11929 11930 11931 5075912 5075912 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075912 5073724 12097 12098 12099 Yes Security Update 10.0.19045.6937 https://support.microsoft.com/help/5075912 12097 12098 12099 5075912 5075899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075899 5074109 12437 12436 Yes Security Update 10.0.26100.32370 https://support.microsoft.com/help/5075899 12437 12436 5075899 5075899 https://support.microsoft.com/help/5075899 12437 12436 5075942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075942 12437 12436 Yes Security Hotpatch Update 10.0.26100.32313 https://support.microsoft.com/help/5075942 12437 12436 5075942 5075942 https://support.microsoft.com/help/5075942 12437 12436 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5074109 20437 20438 Yes Security Update 10.0.26200.7840 https://support.microsoft.com/help/5077181 20437 20438 5077181 5077212 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077212 20437 20438 Yes Security Hotpatch Update 10.0.26200.7781 https://support.microsoft.com/help/5077212 20437 20438 5077212 5075941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075941 5073455 12242 12243 Yes Security Update 10.0.22631.6649 https://support.microsoft.com/help/5075941 12242 12243 5075941 5075897 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075897 5073450 12244 Yes Security Update 10.0.25398.2149 https://support.microsoft.com/help/5075897 12244 5075897 5075897 https://support.microsoft.com/help/5075897 12244 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5073379 12389 Yes Security Update 10.0.26100.7840 https://support.microsoft.com/help/5077181 12389 5077181 5077212 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077212 12389 12390 Yes Security Hotpatch Update 10.0.26100.7781 https://support.microsoft.com/help/5077212 12389 12390 5077212 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5074109 12390 Yes Security Update 10.0.26100.7840 https://support.microsoft.com/help/5077181 12390 5077181 5075999 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075999 10852 10853 10816 10855 Yes Security Update 10.0.14393.8868 https://support.microsoft.com/help/5075999 10852 10853 10816 10855 5075999 5075971 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075971 5073698 10378 10379 Yes Monthly Rollup 6.2.9200.25923 https://support.microsoft.com/help/5075971 10378 10379 5075971 5075970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075970 5073696 10483 10543 Yes Monthly Rollup 6.3.9600.23022 https://support.microsoft.com/help/5075970 10483 10543 5075970 <a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a> 1.0 2026-02-10T08:00:00 <p>Information published.</p> Windows Subsystem for Linux Elevation of Privilege Vulnerability <p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>For an attacker to exploit this vulnerability, they would need to have knowledge of a specific operation that triggers a memory allocation failure, specifically a use after free.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Subsystem for Linux Microsoft Yes CVE-2026-21237 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Use After Free 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12244 12389 12390 12436 20854 20853 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 20854 Elevation of Privilege 20853 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 20854 Important 20853 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 5075906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075906 5073457 11923 11924 Yes Security Update 10.0.20348.4773 https://support.microsoft.com/help/5075906 11923 11924 5075906 5075906 https://support.microsoft.com/help/5075906 11923 11924 5075943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075943 11923 11924 Yes Security Hotpatch Update 10.0.20348.4711 https://support.microsoft.com/help/5075943 11923 11924 5075943 5075943 https://support.microsoft.com/help/5075943 11923 11924 5075912 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075912 5073724 11929 11930 11931 Yes Security Update 10.0.19044.6937 https://support.microsoft.com/help/5075912 11929 11930 11931 5075912 5075912 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075912 5073724 12097 12098 12099 Yes Security Update 10.0.19045.6937 https://support.microsoft.com/help/5075912 12097 12098 12099 5075912 5075899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075899 5074109 12437 12436 Yes Security Update 10.0.26100.32370 https://support.microsoft.com/help/5075899 12437 12436 5075899 5075899 https://support.microsoft.com/help/5075899 12437 12436 5075942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075942 12437 12436 Yes Security Hotpatch Update 10.0.26100.32313 https://support.microsoft.com/help/5075942 12437 12436 5075942 5075942 https://support.microsoft.com/help/5075942 12437 12436 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5074109 20437 20438 Yes Security Update 10.0.26200.7840 https://support.microsoft.com/help/5077181 20437 20438 5077181 5077212 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077212 20437 20438 Yes Security Hotpatch Update 10.0.26200.7781 https://support.microsoft.com/help/5077212 20437 20438 5077212 5075941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075941 5073455 12242 12243 Yes Security Update 10.0.22631.6649 https://support.microsoft.com/help/5075941 12242 12243 5075941 5075897 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075897 5073450 12244 Yes Security Update 10.0.25398.2149 https://support.microsoft.com/help/5075897 12244 5075897 5075897 https://support.microsoft.com/help/5075897 12244 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5073379 12389 Yes Security Update 10.0.26100.7840 https://support.microsoft.com/help/5077181 12389 5077181 5077212 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077212 12389 12390 Yes Security Hotpatch Update 10.0.26100.7781 https://support.microsoft.com/help/5077212 12389 12390 5077212 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5074109 12390 Yes Security Update 10.0.26100.7840 https://support.microsoft.com/help/5077181 12390 5077181 5077179 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077179 20854 20853 Yes Security Update 10.0.28000.1575 https://support.microsoft.com/help/5077179 20854 20853 5077179 ChenJian with Sea Security Orca Team 1.0 2026-02-10T08:00:00 <p>Information published.</p> Windows HTTP.sys Elevation of Privilege Vulnerability <p>Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows HTTP.sys Microsoft Yes CVE-2026-21232 Untrusted Pointer Dereference 20854 20853 12437 20437 20438 12242 12243 12244 12389 12390 12436 Elevation of Privilege 20854 Elevation of Privilege 20853 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 20854 Important 20853 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5077179 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077179 20854 20853 Yes Security Update 10.0.28000.1575 https://support.microsoft.com/help/5077179 20854 20853 5077179 5075899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075899 5074109 12437 12436 Yes Security Update 10.0.26100.32370 https://support.microsoft.com/help/5075899 12437 12436 5075899 5075899 https://support.microsoft.com/help/5075899 12437 12436 5075942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075942 12437 12436 Yes Security Hotpatch Update 10.0.26100.32313 https://support.microsoft.com/help/5075942 12437 12436 5075942 5075942 https://support.microsoft.com/help/5075942 12437 12436 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5074109 20437 20438 Yes Security Update 10.0.26200.7840 https://support.microsoft.com/help/5077181 20437 20438 5077181 5077212 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077212 20437 20438 Yes Security Hotpatch Update 10.0.26200.7781 https://support.microsoft.com/help/5077212 20437 20438 5077212 5075941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075941 5073455 12242 12243 Yes Security Update 10.0.22631.6649 https://support.microsoft.com/help/5075941 12242 12243 5075941 5075897 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075897 5073450 12244 Yes Security Update 10.0.25398.2149 https://support.microsoft.com/help/5075897 12244 5075897 5075897 https://support.microsoft.com/help/5075897 12244 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5073379 12389 Yes Security Update 10.0.26100.7840 https://support.microsoft.com/help/5077181 12389 5077181 5077212 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077212 12389 12390 Yes Security Hotpatch Update 10.0.26100.7781 https://support.microsoft.com/help/5077212 12389 12390 5077212 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5074109 12390 Yes Security Update 10.0.26100.7840 https://support.microsoft.com/help/5077181 12390 5077181 Matthew Cox with Microsoft 1.0 2026-02-10T08:00:00 <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability <p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>This vulnerability could lead to a browser sandbox escape.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Kernel Microsoft Yes CVE-2026-21231 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12244 12389 12390 12436 10852 10853 10816 10855 10378 10379 10483 10543 20854 20853 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Elevation of Privilege 20854 Elevation of Privilege 20853 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Important 20854 Important 20853 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 5075904 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075904 11568 11569 11571 11572 Yes Security Update 10.0.17763.8389 https://support.microsoft.com/help/5075904 11568 11569 11571 11572 5075904 5075906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075906 5073457 11923 11924 Yes Security Update 10.0.20348.4773 https://support.microsoft.com/help/5075906 11923 11924 5075906 5075906 https://support.microsoft.com/help/5075906 11923 11924 5075943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075943 11923 11924 Yes Security Hotpatch Update 10.0.20348.4711 https://support.microsoft.com/help/5075943 11923 11924 5075943 5075943 https://support.microsoft.com/help/5075943 11923 11924 5075912 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075912 5073724 11929 11930 11931 Yes Security Update 10.0.19044.6937 https://support.microsoft.com/help/5075912 11929 11930 11931 5075912 5075912 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075912 5073724 12097 12098 12099 Yes Security Update 10.0.19045.6937 https://support.microsoft.com/help/5075912 12097 12098 12099 5075912 5075899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075899 5074109 12437 12436 Yes Security Update 10.0.26100.32370 https://support.microsoft.com/help/5075899 12437 12436 5075899 5075899 https://support.microsoft.com/help/5075899 12437 12436 5075942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075942 12437 12436 Yes Security Hotpatch Update 10.0.26100.32313 https://support.microsoft.com/help/5075942 12437 12436 5075942 5075942 https://support.microsoft.com/help/5075942 12437 12436 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5074109 20437 20438 Yes Security Update 10.0.26200.7840 https://support.microsoft.com/help/5077181 20437 20438 5077181 5077212 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077212 20437 20438 Yes Security Hotpatch Update 10.0.26200.7781 https://support.microsoft.com/help/5077212 20437 20438 5077212 5075941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075941 5073455 12242 12243 Yes Security Update 10.0.22631.6649 https://support.microsoft.com/help/5075941 12242 12243 5075941 5075897 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075897 5073450 12244 Yes Security Update 10.0.25398.2149 https://support.microsoft.com/help/5075897 12244 5075897 5075897 https://support.microsoft.com/help/5075897 12244 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5073379 12389 Yes Security Update 10.0.26100.7840 https://support.microsoft.com/help/5077181 12389 5077181 5077212 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077212 12389 12390 Yes Security Hotpatch Update 10.0.26100.7781 https://support.microsoft.com/help/5077212 12389 12390 5077212 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5074109 12390 Yes Security Update 10.0.26100.7840 https://support.microsoft.com/help/5077181 12390 5077181 5075999 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075999 10852 10853 10816 10855 Yes Security Update 10.0.14393.8868 https://support.microsoft.com/help/5075999 10852 10853 10816 10855 5075999 5075971 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075971 5073698 10378 10379 Yes Monthly Rollup 6.2.9200.25923 https://support.microsoft.com/help/5075971 10378 10379 5075971 5075970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075970 5073696 10483 10543 Yes Monthly Rollup 6.3.9600.23022 https://support.microsoft.com/help/5075970 10483 10543 5075970 5077179 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077179 20854 20853 Yes Security Update 10.0.28000.1575 https://support.microsoft.com/help/5077179 20854 20853 5077179 dreamy 1.0 2026-02-10T08:00:00 <p>Information published.</p> Azure Local Remote Code Execution Vulnerability <p>Improper certificate validation in Azure Local allows an unauthorized attacker to execute code over a network.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by intercepting the unsecured communication between the configurator app and target machines, modifying the responses, and using that to trigger command injection that runs arbitrary code with admin privileges on the system. They could then extract the Azure token from the app’s logs and use it to move laterally into the cloud environment.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>A high attack complexity means the attacker must be able to perform a precise machine‑in‑the‑middle modification of Kerberos traffic, which requires specific network positioning and conditions to succeed.</p> Azure Local Microsoft Yes CVE-2026-21228 Improper Certificate Validation 20844 Remote Code Execution 20844 Important 20844 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20844 Release Notes https://aka.ms/ConfiguratorAppForHCI 20844 No Security Update 2510.0.3002 https://learn.microsoft.com/en-us/azure/azure-local/deploy/deployment-without-azure-arc-gateway?view=azloc-2601&tabs=app&pivots=register-proxy 20844 Release Notes Michal Kamensky with Microsoft 1.0 2026-02-10T08:00:00 <p>Information published.</p> Windows Kernel Information Disclosure Vulnerability <p>Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Kernel memory read - unintentional read access to memory contents in kernel space from a user mode process.</p> Windows Kernel Microsoft Yes CVE-2026-21222 Insertion of Sensitive Information into Log File 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10852 10853 10816 10855 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10852 Important 10853 Important 10816 Important 10855 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5075904 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075904 11568 11569 11571 11572 Yes Security Update 10.0.17763.8389 https://support.microsoft.com/help/5075904 11568 11569 11571 11572 5075904 5075906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075906 5073457 11923 11924 Yes Security Update 10.0.20348.4773 https://support.microsoft.com/help/5075906 11923 11924 5075906 5075906 https://support.microsoft.com/help/5075906 11923 11924 5075943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075943 11923 11924 Yes Security Hotpatch Update 10.0.20348.4711 https://support.microsoft.com/help/5075943 11923 11924 5075943 5075943 https://support.microsoft.com/help/5075943 11923 11924 5075912 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075912 5073724 11929 11930 11931 Yes Security Update 10.0.19044.6937 https://support.microsoft.com/help/5075912 11929 11930 11931 5075912 5075912 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075912 5073724 12097 12098 12099 Yes Security Update 10.0.19045.6937 https://support.microsoft.com/help/5075912 12097 12098 12099 5075912 5075899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075899 5074109 12437 12436 Yes Security Update 10.0.26100.32370 https://support.microsoft.com/help/5075899 12437 12436 5075899 5075899 https://support.microsoft.com/help/5075899 12437 12436 5075942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075942 12437 12436 Yes Security Hotpatch Update 10.0.26100.32313 https://support.microsoft.com/help/5075942 12437 12436 5075942 5075942 https://support.microsoft.com/help/5075942 12437 12436 5075941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075941 5073455 12242 12243 Yes Security Update 10.0.22631.6649 https://support.microsoft.com/help/5075941 12242 12243 5075941 5075897 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075897 5073450 12244 Yes Security Update 10.0.25398.2149 https://support.microsoft.com/help/5075897 12244 5075897 5075897 https://support.microsoft.com/help/5075897 12244 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5073379 12389 Yes Security Update 10.0.26100.7840 https://support.microsoft.com/help/5077181 12389 5077181 5077212 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077212 12389 12390 Yes Security Hotpatch Update 10.0.26100.7781 https://support.microsoft.com/help/5077212 12389 12390 5077212 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5074109 12390 Yes Security Update 10.0.26100.7840 https://support.microsoft.com/help/5077181 12390 5077181 5075999 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075999 10852 10853 10816 10855 Yes Security Update 10.0.14393.8868 https://support.microsoft.com/help/5075999 10852 10853 10816 10855 5075999 5075970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075970 5073696 10483 10543 Yes Monthly Rollup 6.3.9600.23022 https://support.microsoft.com/help/5075970 10483 10543 5075970 Microsoft Offensive Research & Security Engineering 1.0 2026-02-10T08:00:00 <p>Information published. This CVE was addressed by updates that were released in November 2025, but the CVE was inadvertently omitted from the November 2025 Security Updates. This is an informational change only. Customers who have already installed the November 2025 updates do not need to take any further action.</p> GDI+ Denial of Service Vulnerability <p>Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network.</p> Windows GDI+ Microsoft Yes CVE-2026-20846 Buffer Over-read 20854 20853 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12244 12389 12390 12436 10852 10853 10816 10855 10378 10379 10483 10543 12155 Denial of Service 20854 Denial of Service 20853 Denial of Service 11568 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12437 Denial of Service 20437 Denial of Service 20438 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 12389 Denial of Service 12390 Denial of Service 12436 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Denial of Service 12155 Important 20854 Important 20853 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Important 12155 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 20854 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 20853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 20437 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 20438 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12389 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12390 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12155 5077179 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077179 20854 20853 Yes Security Update 10.0.28000.1575 https://support.microsoft.com/help/5077179 20854 20853 5077179 5075904 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075904 11568 11569 11571 11572 Yes Security Update 10.0.17763.8389 https://support.microsoft.com/help/5075904 11568 11569 11571 11572 5075904 5075906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075906 5073457 11923 11924 Yes Security Update 10.0.20348.4773 https://support.microsoft.com/help/5075906 11923 11924 5075906 5075906 https://support.microsoft.com/help/5075906 11923 11924 5075943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075943 11923 11924 Yes Security Hotpatch Update 10.0.20348.4711 https://support.microsoft.com/help/5075943 11923 11924 5075943 5075943 https://support.microsoft.com/help/5075943 11923 11924 5075912 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075912 5073724 11929 11930 11931 Yes Security Update 10.0.19044.6937 https://support.microsoft.com/help/5075912 11929 11930 11931 5075912 5075912 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075912 5073724 12097 12098 12099 Yes Security Update 10.0.19045.6937 https://support.microsoft.com/help/5075912 12097 12098 12099 5075912 5075899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075899 5074109 12437 12436 Yes Security Update 10.0.26100.32370 https://support.microsoft.com/help/5075899 12437 12436 5075899 5075899 https://support.microsoft.com/help/5075899 12437 12436 5075942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075942 12437 12436 Yes Security Hotpatch Update 10.0.26100.32313 https://support.microsoft.com/help/5075942 12437 12436 5075942 5075942 https://support.microsoft.com/help/5075942 12437 12436 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5074109 20437 20438 Yes Security Update 10.0.26200.7840 https://support.microsoft.com/help/5077181 20437 20438 5077181 5077212 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077212 20437 20438 Yes Security Hotpatch Update 10.0.26200.7781 https://support.microsoft.com/help/5077212 20437 20438 5077212 5075941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075941 5073455 12242 12243 Yes Security Update 10.0.22631.6649 https://support.microsoft.com/help/5075941 12242 12243 5075941 5075897 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075897 5073450 12244 Yes Security Update 10.0.25398.2149 https://support.microsoft.com/help/5075897 12244 5075897 5075897 https://support.microsoft.com/help/5075897 12244 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5073379 12389 Yes Security Update 10.0.26100.7840 https://support.microsoft.com/help/5077181 12389 5077181 5077212 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077212 12389 12390 Yes Security Hotpatch Update 10.0.26100.7781 https://support.microsoft.com/help/5077212 12389 12390 5077212 5077181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077181 5074109 12390 Yes Security Update 10.0.26100.7840 https://support.microsoft.com/help/5077181 12390 5077181 5075999 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075999 10852 10853 10816 10855 Yes Security Update 10.0.14393.8868 https://support.microsoft.com/help/5075999 10852 10853 10816 10855 5075999 5075971 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075971 5073698 10378 10379 Yes Monthly Rollup 6.2.9200.25923 https://support.microsoft.com/help/5075971 10378 10379 5075971 5075970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5075970 5073696 10483 10543 Yes Monthly Rollup 6.3.9600.23022 https://support.microsoft.com/help/5075970 10483 10543 5075970 Release Notes https://play.google.com/store/apps/details?id=com.microsoft.office.officehubrow 12155 Maybe Security Update 16.0.19822.20000 https://support.google.com/googleplay/answer/113412?hl=en 12155 Release Notes 0ccbbf129444eb66344ccafb92b00df4 xina1i of <a href="https://github.com/xinali">Anity Lab</a> xina1i of <a href="https://github.com/xinali">Anity Lab</a> 1.0 2026-02-10T08:00:00 <p>Information published.</p> Chromium: CVE-2026-2317 Inappropriate implementation in Animation <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>145.0.3800.58</td> <td>02/17/2026</td> <td>145.0.7632.45/.46</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-2317 11655 11655 11655 Release Notes 11655 No Security Update 145.0.3800.58 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-02-17T18:00:40 <p>Information published.</p> Windows Admin Center Elevation of Privilege Vulnerability <p>Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>The attacker would gain the rights of the user that is running the affected application.</p> Windows Admin Center Microsoft Yes CVE-2026-26119 Improper Authentication 11629 Elevation of Privilege 11629 Critical 11629 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11629 Release Notes https://learn.microsoft.com/en-us/azure/virtual-machines/extensions/overview 11629 No Security Update 2.6.4 https://aka.ms/wac2511 11629 Release Notes <a href="https://twitter.com/decoder_it">Andrea Pierini</a> with <a href="https://www.semperis.com/">Semperis</a> <a href="https://twitter.com/decoder_it">Andrea Pierini</a> with <a href="https://www.semperis.com/">Semperis</a> 1.0 2026-02-17T08:00:00 <p>Information published.</p> Chromium: CVE-2026-2650 Heap buffer overflow in Media <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>145.0.3800.70</td> <td>02/20/2026</td> <td>145.0.7632.109/110</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-2650 11655 11655 11655 Release Notes 11655 No Security Update 145.0.3800.70 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-02-20T21:22:07 <p>Information published.</p> bonding: annotate data-races around slave->last_rx Mariner Linux Yes CVE-2026-23212 20860-17084 20860-17084 Moderate 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 CBL-Mariner Releases 20860-17084 No Security Update 6.6.126.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20860-17084 CBL-Mariner Releases 1.0 2026-02-21T04:26:54 <p>Information published.</p> 2.0 2026-02-27T14:37:08 <p>Information published.</p> 3.0 2026-02-28T01:38:24 <p>Information published.</p> x86/vmware: Fix hypercall clobbers Mariner Linux Yes CVE-2026-23215 20860-17084 20860-17084 Important 20860-17084 8.4 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20860-17084 1.0 2026-02-21T04:27:00 <p>Information published.</p> wifi: iwlwifi: Implement settime64 as stub for MVM/MLD PTP Mariner Linux Yes CVE-2025-71226 20860-17084 20860-17084 Important 20860-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 20860-17084 1.0 2026-02-21T04:27:30 <p>Information published.</p> crypto: virtio - Add spinlock protection with virtqueue notification Mariner Linux Yes CVE-2026-23229 20860-17084 20860-17084 Important 20860-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20860-17084 CBL-Mariner Releases 20860-17084 No Security Update 6.6.121.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20860-17084 CBL-Mariner Releases 1.0 2026-02-21T04:28:09 <p>Information published.</p> 2.0 2026-02-26T01:37:21 <p>Information published.</p> smb: client: split cached_fid bitfields to avoid shared-byte RMW races Mariner Linux Yes CVE-2026-23230 20860-17084 20860-17084 Important 20860-17084 8.4 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20860-17084 1.0 2026-02-21T04:28:20 <p>Information published.</p> crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode Mariner Linux Yes CVE-2025-71231 20860-17084 20860-17084 Important 20860-17084 8.4 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20860-17084 1.0 2026-02-21T04:28:41 <p>Information published.</p> ksmbd: add chann_lock to protect ksmbd_chann_list xarray Mariner Linux Yes CVE-2026-23226 20860-17084 20860-17084 Important 20860-17084 7.5 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20860-17084 1.0 2026-02-21T04:29:02 <p>Information published.</p> scsi: qla2xxx: Free sp in error path to fix system crash Mariner Linux Yes CVE-2025-71232 20860-17084 20860-17084 Moderate 20860-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 CBL-Mariner Releases 20860-17084 No Security Update 6.6.126.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20860-17084 CBL-Mariner Releases 1.0 2026-02-21T04:29:39 <p>Information published.</p> 2.0 2026-02-27T14:37:43 <p>Information published.</p> 3.0 2026-02-28T01:39:04 <p>Information published.</p> WordPress Oxygen theme <= 6.0.8 - Server Side Request Forgery (SSRF) vulnerability Mariner Patchstack Yes CVE-2025-69299 Server-Side Request Forgery (SSRF) 19629-17084 19629-17084 Important 19629-17084 8.3 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L/E:U 19629-17084 1.0 2026-02-22T01:01:17 <p>Information published.</p> 2.0 2026-02-24T14:03:49 <p>Information published.</p> Qemu-kvm: heap buffer out-of-bounds read in vmdk compressed grain parsing Mariner redhat Yes CVE-2026-2243 Out-of-bounds Read 20880-17084 20691-17086 20880-17084 20691-17086 Moderate 20880-17084 Moderate 20691-17086 5.1 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L 20880-17084 5.1 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L 20691-17086 1.0 2026-02-23T01:01:18 <p>Information published.</p> 2.0 2026-02-24T14:04:04 <p>Information published.</p> Kata Container to Guest micro VM privilege escalation Mariner GitHub_M Yes CVE-2026-24834 Incorrect Permission Assignment for Critical Resource 20393-17086 20394-17086 20393-17086 20394-17086 Important 20393-17086 Critical 20394-17086 9.3 8.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P 20393-17086 9.3 9.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 20394-17086 2.0 2026-02-24T14:04:20 <p>Information published.</p> 1.0 2026-02-23T01:01:34 <p>Information published.</p> This affects versions of the package bn.js before 5.2.3. Calling maskn(0) on any BN instance corrupts the internal state, causing toString(), divmod(), and other methods to enter an infinite loop, hanging the process indefinitely. Mariner snyk Yes CVE-2026-2739 Loop with Unreachable Exit Condition (&#39;Infinite Loop&#39;) 20776-17086 20776-17086 Moderate 20776-17086 1.0 2026-02-25T01:03:52 <p>Information published.</p> Valkey Affected by RESP Protocol Injection via Lua error_reply Mariner GitHub_M Yes CVE-2025-67733 Improper Neutralization of Special Elements in Output Used by a Downstream Component (&#39;Injection&#39;) 20928-17084 20928-17084 Important 20928-17084 8.5 8.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H 20928-17084 CBL-Mariner Releases 20928-17084 No Security Update 8.0.7-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20928-17084 CBL-Mariner Releases 1.0 2026-02-26T01:01:54 <p>Information published.</p> 2.0 2026-02-26T14:36:30 <p>Information published.</p> Malformed Valkey Cluster bus message can lead to Remote DoS Mariner GitHub_M Yes CVE-2026-21863 Out-of-bounds Read 20928-17084 20928-17084 Important 20928-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20928-17084 CBL-Mariner Releases 20928-17084 No Security Update 8.0.7-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20928-17084 CBL-Mariner Releases 1.0 2026-02-26T01:01:59 <p>Information published.</p> 2.0 2026-02-26T14:36:37 <p>Information published.</p> nats-server websockets are vulnerable to pre-auth memory DoS Mariner GitHub_M Yes CVE-2026-27571 Improper Handling of Highly Compressed Data (Data Amplification) 20782-17086 20797-17084 20782-17086 20797-17084 Moderate 20782-17086 Moderate 20797-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 20782-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 20797-17084 CBL-Mariner Releases 20782-17086 No Security Update 1.29.4-19 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20782-17086 CBL-Mariner Releases CBL-Mariner Releases 20797-17084 No Security Update 1.31.0-13 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20797-17084 CBL-Mariner Releases 2.0 2026-02-27T14:38:29 <p>Information published.</p> 1.0 2026-02-27T01:01:45 <p>Information published.</p> 2.1 2026-02-28T01:39:54 <p>Information published.</p> LoongArch: Set correct protection_map[] for VM_NONE/VM_SHARED Mariner Linux Yes CVE-2025-71228 20860-17084 20860-17084 Important 20860-17084 8.4 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20860-17084 1.0 2026-02-21T04:26:37 <p>Information published.</p> scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() Mariner Linux Yes CVE-2026-23216 20860-17084 20860-17084 Important 20860-17084 8.4 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20860-17084 CBL-Mariner Releases 20860-17084 No Security Update 6.6.126.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20860-17084 CBL-Mariner Releases 1.0 2026-02-21T04:26:49 <p>Information published.</p> 2.0 2026-02-27T14:37:03 <p>Information published.</p> 3.0 2026-02-28T01:38:18 <p>Information published.</p> zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition. Mariner mitre Yes CVE-2026-27171 Improper Validation of Specified Quantity in Input 18109-17084 18109-17084 Low 18109-17084 2.9 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 18109-17084 CBL-Mariner Releases 18109-17084 No Security Update 1.3.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18109-17084 CBL-Mariner Releases 1.0 2026-02-21T04:27:35 <p>Information published.</p> 2.0 2026-02-23T14:36:01 <p>Information published.</p> Limited path traversal when installing wheel archives Mariner PSF Yes CVE-2026-1703 Improper Limitation of a Pathname to a Restricted Directory (&#39;Path Traversal&#39;) 20918-17084 20918-17084 Low 20918-17084 1.0 2026-02-21T04:28:04 <p>Information published.</p> xfs: fix UAF in xchk_btree_check_block_owner Mariner Linux Yes CVE-2026-23223 20860-17084 20860-17084 Moderate 20860-17084 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 20860-17084 CBL-Mariner Releases 20860-17084 No Security Update 6.6.121.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20860-17084 CBL-Mariner Releases 1.0 2026-02-21T04:28:46 <p>Information published.</p> 2.0 2026-02-26T01:37:34 <p>Information published.</p> scsi: qla2xxx: Delay module unload while fabric scan in progress Mariner Linux Yes CVE-2025-71235 20860-17084 20860-17084 Moderate 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 CBL-Mariner Releases 20860-17084 No Security Update 6.6.126.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20860-17084 CBL-Mariner Releases 2.0 2026-02-27T14:37:23 <p>Information published.</p> 1.0 2026-02-21T04:28:51 <p>Information published.</p> 3.0 2026-02-28T01:38:41 <p>Information published.</p> wifi: rtl8xxxu: fix slab-out-of-bounds in rtl8xxxu_sta_add Mariner Linux Yes CVE-2025-71234 20860-17084 20860-17084 Important 20860-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20860-17084 1.0 2026-02-21T04:29:07 <p>Information published.</p> wifi: rtw88: Fix alignment fault in rtw_core_enable_beacon() Mariner Linux Yes CVE-2025-71229 20860-17084 20860-17084 Important 20860-17084 8.4 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20860-17084 CBL-Mariner Releases 20860-17084 No Security Update 6.6.126.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20860-17084 CBL-Mariner Releases 1.0 2026-02-21T04:29:13 <p>Information published.</p> 2.0 2026-02-27T14:37:28 <p>Information published.</p> 3.0 2026-02-28T01:38:47 <p>Information published.</p> scsi: qla2xxx: Validate sp before freeing associated memory Mariner Linux Yes CVE-2025-71236 20860-17084 20860-17084 Important 20860-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20860-17084 1.0 2026-02-21T04:29:23 <p>Information published.</p> drm/exynos: vidi: use ctx->lock to protect struct vidi_context member variables related to memory alloc/free Mariner Linux Yes CVE-2026-23227 20860-17084 20860-17084 Important 20860-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20860-17084 1.0 2026-02-21T04:29:44 <p>Information published.</p> sched/mmcid: Don't assume CID is CPU owned on mode switch Mariner Linux Yes CVE-2026-23225 20860-17084 20860-17084 Moderate 20860-17084 5.3 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L 20860-17084 CBL-Mariner Releases 20860-17084 No Security Update 6.6.121.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20860-17084 CBL-Mariner Releases 1.0 2026-02-21T04:29:54 <p>Information published.</p> 2.0 2026-02-26T01:37:47 <p>Information published.</p> node-tar has Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in Extraction Mariner GitHub_M Yes CVE-2026-26960 Improper Limitation of a Pathname to a Restricted Directory (&#39;Path Traversal&#39;) 20131-17084 20044-17086 20131-17084 20044-17086 Important 20131-17084 Important 20044-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N 20131-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N 20044-17086 1.0 2026-02-22T01:01:26 <p>Information published.</p> 2.0 2026-02-24T14:03:56 <p>Information published.</p> 3.0 2026-02-25T01:38:11 <p>Information published.</p> TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulnerability Mariner zdi Yes CVE-2026-2492 Uncontrolled Search Path Element 20827-17084 19668-17086 20827-17084 19668-17086 Important 20827-17084 Moderate 19668-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20827-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 19668-17086 CBL-Mariner Releases 20827-17084 No Security Update 2.16.1-11 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20827-17084 CBL-Mariner Releases 2.0 2026-02-24T14:04:12 <p>Information published.</p> 3.0 2026-02-27T14:37:50 <p>Information published.</p> 1.0 2026-02-23T01:01:26 <p>Information published.</p> Cloud Hypervisor: Host File Exfiltration via QCOW Backing File Abuse Mariner GitHub_M Yes CVE-2026-27211 External Control of File Name or Path 20926-17084 19805-17086 20926-17084 19805-17086 Critical 20926-17084 Important 19805-17086 10.0 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N 20926-17084 10.0 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N 19805-17086 CBL-Mariner Releases 20926-17084 No Security Update 48.0.246-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20926-17084 CBL-Mariner Releases 1.0 2026-02-25T01:03:39 <p>Information published.</p> 2.0 2026-02-26T14:36:00 <p>Information published.</p> libtiff up to v4.7.1 was discovered to contain a NULL pointer dereference via the component libtiff/tif_open.c. Mariner mitre Yes CVE-2025-61143 NULL Pointer Dereference 20747-17084 20696-17086 20747-17084 20696-17086 Moderate 20747-17084 Moderate 20696-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 20747-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 20696-17086 CBL-Mariner Releases 20747-17084 20696-17086 No Security Update 4.6.0-12 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20747-17084 20696-17086 CBL-Mariner Releases 2.0 2026-02-26T14:36:13 <p>Information published.</p> 1.0 2026-02-26T01:01:32 <p>Information published.</p> libtiff up to v4.7.1 was discovered to contain a stack overflow via the readSeparateStripsIntoBuffer function. Mariner mitre Yes CVE-2025-61144 Improper Restriction of Operations within the Bounds of a Memory Buffer 20747-17084 20696-17086 20747-17084 20696-17086 Critical 20747-17084 Critical 20696-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20747-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20696-17086 CBL-Mariner Releases 20747-17084 20696-17086 No Security Update 4.6.0-12 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20747-17084 20696-17086 CBL-Mariner Releases 1.0 2026-02-26T01:01:40 <p>Information published.</p> 2.0 2026-02-26T14:36:23 <p>Information published.</p> Windows Notepad App Remote Code Execution Vulnerability <p>Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code locally.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could trick a user into clicking a malicious link inside a Markdown file opened in Notepad, causing the application to launch unverified protocols that load and execute both remote and local files.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> Windows Notepad App Microsoft Yes CVE-2026-20841 Improper Neutralization of Special Elements used in a Command ('Command Injection') 20763 Remote Code Execution 20763 Important 20763 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20763 Release Notes https://apps.microsoft.com/detail/9MSMLRH6LZF3 20763 No Security Update 11.2512 https://apps.microsoft.com/detail/9MSMLRH6LZF3 20763 Release Notes <a href="https://x.com/chen9918b">chen</a> Kara Zaffarano <a href="https://www.linkedin.com/in/diyarsaadi/">Diyar Saadi</a> Tim Zheng Rudolf &quot;divVerent&quot; Polzer with <a href="https://www.google.com/">Google LLC</a> <a href="https://www.linkedin.com/in/diyarsaadi/">Diyar Saadi</a> <a href="https://x.com/qymag1c">QYmag1c</a> Matthew Selbrede <a href="https://patyk.lol/">PatRyk</a> <a href="https://www.linkedin.com/in/jad-ghamloush">Jad Ghamloush</a> <a href="https://github.com/r888800009">lin.yx</a> with <a href="https://www.chtsecurity.com/">CHT Security Co., Ltd.</a> <a href="https://www.linkedin.com/in/alasdair-gorniak/">Alasdair Gorniak</a> with <a href="https://delta.cyberm.ca/">Delta Obscura</a> <a href="https://www.linkedin.com/in/cristian-papa-aa4a38212/">Cristian-Iulian Papa</a> Anonymous 1.0 2026-02-10T08:00:00 <p>Information published.</p> 1.1 2026-02-12T08:00:00 <p>Added FAQ information. This is an informational change only.</p> 1.3 2026-02-12T08:00:00 <p>Added an FAQ and updated the CVSS score. This is an informational change only.</p> 2.0 2026-03-12T07:00:00 <p>To comprehensively address CVE-2026-20841, Microsoft has released February 2026 security updates for the Windows Notepad App. Microsoft recommends that customers install the update to be fully protected from the vulnerability.</p> GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability <p>Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>The authentication feature could be bypassed as this vulnerability allows impersonation.</p> GitHub Copilot and Visual Studio Code Microsoft Yes CVE-2026-21518 Improper Neutralization of Special Elements used in a Command ('Command Injection') 11622 16782 Security Feature Bypass 11622 Security Feature Bypass 16782 Important 11622 Important 16782 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11622 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 16782 Release Notes https://code.visualstudio.com/download 11622 Maybe Security Update 1.110.1 https://code.visualstudio.com/updates/v1_110 11622 Release Notes Release Notes https://code.visualstudio.com/Download 16782 Maybe Security Update 0.37.1 https://github.com/microsoft/vscode/ 16782 Release Notes Amol Dosanjh, Dre Cura (@dre_cura), and Nicholas Zubrisky (@NZubrisky) of TrendAI Research of Trend with https://www.zerodayinitiative.com/ <a href="https://www.linkedin.com/in/huseyintintas">H&#252;seyin TINTAŞ</a> with Kredi Kayıt B&#252;rosu Suryakant Dhakane 1.0 2026-02-10T08:00:00 <p>Information published.</p> 1.1 2026-02-27T08:00:00 <p>Download links fixed</p> 2.0 2026-04-01T07:00:00 <p>To comprehensively address the vulnerability, Microsoft has released a new security update for Visual Studio Code. Microsoft reccomends installing version 1.110.1 to be protected from this vulnerability.</p> Azure Arc Elevation of Privilege Vulnerability <p>Improper access control in Azure Arc allows an unauthorized attacker to elevate privileges over a network.</p> <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> Azure Arc Microsoft No CVE-2026-24302 Improper Access Control 12068 Elevation of Privilege 12068 Critical 12068 Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A 8.6 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12068 <a href="https://www.linkedin.com/in/nikhilsahoo/">Nikhil Sahoo</a> with Microsoft 1.0 2026-02-05T08:00:00 <p>Information published.</p> 1.1 2026-04-10T07:00:00 <p>Acknowledgement added. This is an informational change only.</p>