Microsoft Patches Critical Zero-Day Vulnerabilities Under Active Exploitation in Windows and Office

Microsoft has released security patches addressing multiple critical vulnerabilities in Windows and Office that are currently being actively exploited by threat actors to compromise user systems. These exploits are classified as one-click attacks, requiring minimal user interaction for successful exploitation.

The vulnerabilities enable attackers to deploy malware or gain unauthorized access to victim systems through several attack vectors:

• Malicious link exploitation on Windows systems
• Compromised Office file execution
• Social engineering tactics leveraging user interaction

These security flaws are categorized as zero-day vulnerabilities, indicating that threat actors were exploiting them prior to Microsoft's patch availability. According to Microsoft's advisory, exploitation details have been publicly disclosed, significantly elevating the risk of widespread attacks. The company has not disclosed the specific publication sources, and declined to provide immediate comment on the matter.

Microsoft acknowledged contributions from security researchers at Google's Threat Intelligence Group in identifying these vulnerabilities.

Critical Vulnerability Details:

CVE-2026-21510 - Windows Shell Security Feature Bypass
This vulnerability affects the Windows shell component responsible for the operating system's user interface. The flaw impacts all currently supported Windows versions and allows attackers to bypass Microsoft's SmartScreen protection mechanism, which typically filters malicious links and files.

According to security researcher Dustin Childs, this vulnerability enables remote code execution (RCE) capabilities. "There is user interaction here, as the client needs to click a link or a shortcut file. Still, a one-click bug to gain code execution is a rarity," Childs noted in his analysis.

A Google spokesperson confirmed widespread, active exploitation of the Windows shell vulnerability, stating that successful attacks enable silent malware execution with elevated privileges, creating significant risks for:

• System compromise
• Ransomware deployment
• Intelligence collection operations

CVE-2026-21513 - MSHTML Security Feature Bypass
This vulnerability resides in Microsoft's proprietary MSHTML browser engine, which powered the legacy Internet Explorer browser. Despite Internet Explorer's discontinuation, MSHTML remains integrated in modern Windows versions to maintain backward compatibility with legacy applications.

This security flaw enables attackers to circumvent Windows security features and deploy malicious payloads on compromised systems.

According to independent security researcher Brian Krebs, Microsoft's February 2026 Patch Tuesday release addresses three additional zero-day vulnerabilities that were also under active exploitation.

Recommendation: Organizations and end-users should prioritize immediate deployment of these security updates to mitigate exploitation risks.