- CVE-2026-21510 — Home windows Shell — Safety function bypass (CVSS 8.8); circumvents SmartScreen and Shell warnings by way of malicious hyperlink or shortcut file. Publicly disclosed and actively exploited.
- CVE-2026-21513 — MSHTML Framework — Safety function bypass (CVSS 8.8); the MSHTML rendering engine stays lively in Home windows, even when IE just isn’t the default browser, together with via IE mode in Edge. Publicly disclosed and actively exploited.
- CVE-2026-21519 — Desktop Window Supervisor — Elevation of privilege (CVSS 7.8); kind confusion permitting SYSTEM escalation. Actively exploited.
- CVE-2026-21533 — Home windows Distant Desktop Providers — Elevation of privilege (CVSS 7.8); improper privilege administration permitting SYSTEM escalation. Actively exploited.
- CVE-2026-21525 — Home windows Distant Entry Connection Supervisor — Denial of service (CVSS 6.2); null pointer dereference. Actively exploited.
CISA has added all six actively exploited vulnerabilities to the Identified Exploited Vulnerabilities catalog with an enforcement deadline of March 3. Extra Home windows elements receiving updates embody the Ancillary Operate Driver (afd.sys), HTTP protocol stack (http.sys), Hyper-V, Safe Boot, LDAP, and GDI+ — none important or actively exploited, however the breadth of modifications warrants testing earlier than broad deployment.
With actively exploited vulnerabilities and a CISA deadline of March 3, it is a Patch Now launch for Home windows; confirmed in-the-wild exploitation throughout Shell, MSHTML, DWM, Distant Desktop, and Distant Entry leaves little room for delay.
Microsoft Workplace
Microsoft launched safety updates for Phrase 2016 (KB5002839), Excel 2016 (KB5002837), and Workplace 2016 (KB5002713), alongside updates for SharePoint Server 2016, 2019, Subscription Version, and Workplace On-line Server. These updates apply to MSI-based installations solely and don’t apply to Click on-to-Run deployments reminiscent of Microsoft 365:
