惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

G
GRAHAM CLULEY
V
V2EX
WordPress大学
WordPress大学
博客园 - Franky
Last Week in AI
Last Week in AI
博客园 - 司徒正美
有赞技术团队
有赞技术团队
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
博客园 - 【当耐特】
V
Visual Studio Blog
C
CERT Recently Published Vulnerability Notes
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Jina AI
Jina AI
Attack and Defense Labs
Attack and Defense Labs
腾讯CDC
The Hacker News
The Hacker News
Hugging Face - Blog
Hugging Face - Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
J
Java Code Geeks
人人都是产品经理
人人都是产品经理
阮一峰的网络日志
阮一峰的网络日志
T
Tailwind CSS Blog
S
SegmentFault 最新的问题
大猫的无限游戏
大猫的无限游戏
小众软件
小众软件
A
Arctic Wolf
量子位
博客园 - 聂微东
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
N
News and Events Feed by Topic
雷峰网
雷峰网
博客园_首页
Google Online Security Blog
Google Online Security Blog
Spread Privacy
Spread Privacy
罗磊的独立博客
H
Hacker News: Front Page
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
月光博客
月光博客
TaoSecurity Blog
TaoSecurity Blog
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
博客园 - 三生石上(FineUI控件)
宝玉的分享
宝玉的分享
IT之家
IT之家
The Cloudflare Blog
爱范儿
爱范儿
博客园 - 叶小钗
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Apple Machine Learning Research
Apple Machine Learning Research
酷 壳 – CoolShell
酷 壳 – CoolShell

The Register - Security: Patches

Cisco SD-WAN make-me-root bug under attack Ivanti tells Sentry customers to patch now as critical bugs hit 10.0 and 9.9 AI is making Patch Tuesday (kinda) fun again Anthropic to release Mythos-class models to the public Clear your calendar, Drupal user: You have a critically urgent patch to install Welcome to the vulnpocalypse, as vendors use AI to find bugs and patches multiply like rabbits Doozy of a Patch Tuesday includes 30 critical Microsoft CVEs Critical cPanel, WHM flaw probs exploited as 0-day, pros say Microsoft patch fell short. New Windows flaw exploited More Cisco SD-WAN bugs battered in attacks Critical Fortinet sandbox bugs allow auth bypass and RCE Ancient Excel bug comes out of retirement for active attacks Microsoft's massive Patch Tuesday: It's raining bugs Ransomware scum, other crims exploit 4 old Microsoft bugs Attackers exploited the FortiClient EMS bug as a 0-day Citrix NetScaler bug may be multiple flaws in one Ransomware crims abused Cisco 0-day weeks before disclosure Google rushes Chrome update to fix zero-days under attack CISA warns max-severity n8n bug is being exploited in the wild Cisco warns of two more SD-WAN bugs under active attack LexisNexis Legal & Professional confirms data breach Five Eyes warn: Patch your Cisco SD-WAN or risk root takeover Patch these 4 critical, make-me-root SolarWinds bugs ASAP Attacker gets into France's DB listing all bank accounts CISA gives feds 3 days to patch actively exploited Dell bug CISA gives feds 3 days to patch actively exploited Dell bug Google fixes exploited Chrome CSS zero-day Critical Microsoft bug from 2024 under exploitation Apple patches decade-old iOS zero-day exploited in the wild Microsoft's Valentine's gift to admins: 6 zero-day fixes Critical SolarWinds Web Help Desk bug under attack Critical React Native Metro dev server bug under attack Critical React Native Metro dev server bug under attack OpenClaw patches one-click RCE as security Whac-A-Mole continues Ivanti's January bad luck continues as 0-days hit customers Critical VMware vCenter Server bug under attack Critical VMware vCenter Server bug under attack FortiGate SSO bug still exploitable despite December patch Ancient telnet bug happily hands out root to attackers Cisco plugs up Unified Comms zero-day under active exploit Cloudflare whacks WAF bypass bug that opened side door Cloudflare whacks WAF bypass bug that opened side door Anthropic quietly fixed flaws in its Git MCP server Sorry Dave, I’m afraid I can’t do that! PCs refuse to shut down after Microsoft patch Patch Tuesday update makes Windows PCs refuse to shut down Cisco finally fixes max-severity bug under active attack for weeks Cisco finally fixes max-severity bug under attack for weeks Windows info-disclosure 0-day bug gets a fix as CISA sounds alarm Python libraries in AI/ML models can be poisoned w metadata Python libraries in AI/ML models can be poisoned w metadata Ruh-roh, there's a Cisco ISE bug POC on the loose Ruh-roh, there's a Cisco ISE bug POC on the loose CISA flags exploited Office relic alongside fresh HPE flaw Critical n8n bug allows unauthenticated server takeover Logitech mouse mayhem traced to expired dev certificate 'Heartbleed of MongoDB' under active exploit Microsoft fixes Message Queuing issue in new update Microsoft fixes Message Queuing issue in new update Critical-rated WatchGuard Firebox flaw under active attack HPE OneView RCE bug scores a perfect 10 Apple, Google forced to issue emergency 0-day patches Microsoft RasMan DoS 0-day gets unofficial patch - and a working exploit Microsoft RasMan 0-day gets an unofficial patch and exploit New React vulns leak secrets, invite DoS attacks Google fixes super-secret 8th Chrome 0-day Microsoft fixes Windows shortcut flaw exploited for years Microsoft fixes Windows shortcut flaw exploited for years Two Android 0-day bugs patched, plus 105 more fixes Fortinet finally cops to critical bug under active exploit Cisco warns of 'new attack variant' battering firewalls Docker Compose vulnerability opens door to host-level writes Microsoft issues out-of-band patch for critical WSUS flaw Vulnerable Rust crate exposes uv Python packager Oracle rushes out another emergency E-Business Suite patch 50K Cisco firewalls remain vulnerable to advanced attacks Exploits using GoAnywhere perfect-10 bug confirmed Critical Cisco firewall holes under active attack SonicWall releases rootkit-busting firmware update SolarWinds patches critical RCE - for the third time Fortra discloses 10/10 severity bug in GoAnywhere MFT OpenAI plugs ShadowLeak bug in ChatGPT Google pushes emergency patch for Chrome 0-day Apple backports patch to older kit after 0-day exploitation
Microsoft's Valentine's gift to admins: 6 zero-day fixes
Jessica Lyons Jessica Lyons · 2026-02-11 · via The Register - Security: Patches

Patches

Roses are red, violets are blue ... now get patching

What better way to say I love you than with an update? Attackers exploited a whopping six Microsoft bugs as zero-days prior to Redmond releasing software fixes on February's Patch Tuesday.

For comparison, last month we saw just one Windows vulnerability under attack before the January Patch Tuesday fix.

Of course, then there's also the emergency patches released because the first try didn't plug the security hole - but that's a different story.

As always, Microsoft did not provide any additional details about who attacked these six flaws and how widespread exploitation may be. But considering that three of the six are also listed as publicly disclosed - meaning there may already be proof-of-concept exploits floating around the internet - we expect to see more reports (and details) about active exploitation soon. 

Here's what we do know about the six CVEs under attack, and you can read about all 59 Microsoft CVEs here.

Windows Shell Security Feature Bypass Vulnerability (CVE-2026-21510): Exploiting this bug, which received an 8.8 CVSS rating, requires an attacker to convince a user to open a malicious link or shortcut file - but we all know that most people will click on just about anything, so that's not difficult to pull off. Once the user opens the malicious link, the attacker can bypass Windows SmartScreen and Windows Shell security prompts to execute code on the victim's system without user warning or consent.

As Trend Micro Zero Day Initiative's Dustin Childs warns, "this bug is listed as a security feature bypass, but it could also be classified as code execution ... Definitely test and deploy this fix quickly."

In addition to being marked "exploitation detected," Microsoft lists this bug as being publicly disclosed.

Internet Explorer Security Feature Bypass Vulnerability (CVE-2026-21513): This bug also received an 8.8 CVSS rating, is under attack and publicly known, and could lead to remote code execution (RCE). It's another flaw where the attacker needs to convince a user to open a malicious HTML file or shortcut (.lnk) file delivered through a link, email attachment, or download. After the user clicks on the link, however, it's game over.

"The specially crafted file manipulates browser and Windows Shell handling, causing the content to be executed by the operating system," Redmond explained. "This allows the attacker to bypass security features and potentially achieve code execution."

The potential silver lining: since Internet Explorer on Windows support ended years ago, in 2022, hopefully there're not a whole lot of people still using this retired browser.

Microsoft Word Security Feature Bypass Vulnerability (CVE-2026-21514): The theme of February's Patch Tuesday does seem to be about bypassing security features, and this flaw that's also publicly known is another example. This flaw received a 7.8 CVSS and all it requires is a user to open a malicious Office file, thus giving the attacker access to COM (Component Object Model) and OLE (Object Linking and Embedding) controls, which can be abused for RCE. Luckily, the Preview Pane is not an attack vector. 

Desktop Window Manager Elevation of Privilege Vulnerability (CVE-2026-21519): This one wasn't disclosed prior to the software update, and that's good because an attacker who exploits this bug can gain SYSTEM privileges. It received a 7.8 CVSS rating.

As Childs notes, "This is the second month in a row that a DWM was listed as being exploited in the wild. That leads me to believe the first patch didn't completely resolve the vulnerability." 

Windows Remote Access Connection Manager Denial of Service Vulnerability (CVE-2026-21525): This 6.2-rated bug is triggered by a null pointer dereference in Windows Remote Access Connection Manager that allows an unauthorized attacker to deny service locally.

Windows Remote Desktop Services Elevation of Privilege Vulnerability (CVE-2026-21533): Another bad bug that allows an authorized attacker to elevate privileges locally and then run code with SYSTEM privileges. It received a 7.8 CVSS and Microsoft said it's due to improper privilege management in Windows Remote Desktop. ®