Microsoft released its February Patch Tuesday updates, addressing a total of 59 security flaws across various products. This month’s release is notably smaller than January’s, which had 159 patches. Out of these, six vulnerabilities are actively being exploited in the wild. Most of these critical issues impact Azure services rather than Windows itself, though Windows and Office also received urgent patches.

Key Vulnerabilities and Exploits

The six actively exploited CVEs affect Windows Shell, MSHTML, Desktop Window Manager, Remote Desktop, Remote Access, and Microsoft Word. All five of these critical vulnerabilities are targeted at Azure services, not Windows directly. Microsoft recommends patching both Windows and Office immediately to prevent potential breaches.

Security authorities, including CISA, have set a deadline of March 3 for organizations to apply these patches. Two additional security enforcement timelines go into effect in April, covering the deprecation of Kerberos RC4 and hardening Windows Deployment Services. These steps aim to improve overall system security and prevent future exploits.

Known Issues and Fixes

This month’s updates are relatively smooth compared to January, which faced several issues. Microsoft states that the KB articles for Windows 11 25H2/24H2, Windows 11 23H2, and Windows 10 22H2 explicitly mention no current known issues. However, some ongoing problems remain, including errors with Windows Server Update Services and Windows Update Standalone Installer.

The WSUS error, which has prevented error reporting since October 2025, still lacks a fix. Synchronization errors continue, and Microsoft has not announced a remediation plan. Additionally, WUSA fails to install certain network-shared updates, but this issue has been mitigated with a rollback policy.

On the positive side, several problems from January have been resolved in this month’s updates. For example, fixes have been rolled out for Windows Secure Launch issues on Intel processors, which previously caused devices to restart instead of powering off. Microsoft also addressed problems with OneDrive and Outlook hanging during file operations, which had required emergency out-of-band patches earlier this year.

Security and Operational Improvements

One significant security update this month patched a zero-day vulnerability in Microsoft Office. CVE-2026-21509 was a security feature bypass that allowed attackers to bypass OLE protections. This was the only major security revision outside the regular update cycle this month.

Overall, Microsoft’s February updates focused on patching actively exploited flaws and improving stability. While some known issues remain, the majority of users can expect to see a more stable update cycle this month. Organizations are encouraged to deploy patches promptly to stay protected from emerging threats and vulnerabilities.

Inspired by

• https://www.computerworld.com/article/4132333/februarys-patch-tuesday-release-fixes-59-flaws-including-6-being-exploited.html

Sources

• applicationreadiness.com
• microsoft.com
• microsoft.com
• cisa.gov
• microsoft.com