嗯,用户让我总结一下这篇文章的内容,控制在100个字以内,而且不需要用“文章内容总结”之类的开头。直接写描述就行。好的,首先我得仔细阅读这篇文章,理解它的主要内容。 这篇文章看起来是关于微软在2026年2月的补丁星期二活动中修复了54个CVE漏洞。其中有六个零日漏洞被利用,还有三个公开披露的漏洞。微软修复了这些漏洞,其中两个被评为关键级别,51个重要,一个中等。他们还提到了一些具体的漏洞细节,比如CVE-2026-21510影响Windows Shell,CVE-2026-21533影响远程桌面服务等等。 接下来,我需要把这些信息浓缩到100字以内。重点包括:微软修复了54个CVE,其中六个零日漏洞和三个公开披露的漏洞;涉及多个产品如Windows、Office、Azure等;漏洞类型主要是权限提升和远程代码执行;建议尽快修补系统。 现在把这些要点组织成一句话或两句话,确保简洁明了。同时要注意不要使用“文章内容总结”这样的开头词。 可能的结构是:微软在2月补丁星期二修复了54个漏洞,包括六个零日和三个公开披露的 CVE;涉及Windows、Office、Azure 等产品;主要为权限提升和远程代码执行;建议及时修补。 检查一下字数是否在限制内,并确保所有关键信息都被涵盖。 </think> 微软在2月补丁星期二修复了54个CVE漏洞,包括六个零日和三个公开披露的 CVE;涉及Windows、Office、Azure 等产品;主要为权限提升和远程代码执行;建议及时修补以降低风险。 2026-2-10 18:55:45 Author: www.tenable.com(查看原文) 阅读量:3 收藏
February 10, 2026
5 Min Read
- 2Critical
- 51Important
- 1Moderate
- 0Low
Microsoft addresses 54 CVEs in the February 2026 Patch Tuesday released, including six zero-day vulnerabilities that were exploited in the wild and three publicly disclosed CVEs.
Microsoft patched 54 CVEs in its February 2026 Patch Tuesday release, with two rated critical, 51 rated as important and one rated as moderate. We omitted one vulnerability from our counts this month, CVE-2023-2804, a heap based overflow vulnerability in the libjpeg-turbo component.
This month’s update includes patches for:
- .NET
- .NET and Visual Studio
- Azure Arc
- Azure Compute Gallery
- Azure DevOps Server
- Azure Front Door (AFD)
- Azure Function
- Azure HDInsights
- Azure IoT SDK
- Azure Local
- Azure SDK
- Desktop Window Manager
- Github Copilot
- GitHub Copilot and Visual Studio
- Internet Explorer
- Mailslot File System
- Microsoft Defender for Linux
- Microsoft Edge for Android
- Microsoft Exchange Server
- Microsoft Graphics Component
- Microsoft Office Excel
- Microsoft Office Outlook
- Microsoft Office Word
- Power BI
- Role: Windows Hyper-V
- Windows Ancillary Function Driver for WinSock
- Windows App for Mac
- Windows Cluster Client Failover
- Windows Connected Devices Platform Service
- Windows GDI+
- Windows HTTP.sys
- Windows Kernel
- Windows LDAP - Lightweight Directory Access Protocol
- Windows Notepad App
- Windows NTLM
- Windows Remote Access Connection Manager
- Windows Remote Desktop
- Windows Shell
- Windows Storage
- Windows Subsystem for Linux
- Windows Win32K - GRFX
Elevation of privilege (EoP) vulnerabilities accounted for 42.6% of the vulnerabilities patched this month, followed by remote code execution (RCE) vulnerabilities at 20.4%.
CVE-2026-21510 | Windows Shell Security Feature Bypass Vulnerability
CVE-2026-21510 is a security feature bypass vulnerability affecting Windows Shell. It was assigned a CVSSv3 score of 8.8 and was rated as important. According to Microsoft, this flaw was publicly disclosed prior to a patch being made available and was also exploited in the wild as a zero-day. Exploitation requires an attacker to convince an unsuspecting user to open a malicious link or shortcut file. This would allow the attacker to bypass Windows SmartScreen and Windows Shell warnings by exploiting a flaw in Windows Shell components.
CVE-2026-21533 | Windows Remote Desktop Services Elevation of Privilege Vulnerability
CVE-2026-21533 is an EoP vulnerability affecting Windows Remote Desktop Services. It was assigned a CVSSv3 score of 7.8, rated as important and was reportedly exploited in the wild. Successful exploitation allows a local, authenticated attacker to elevate to SYSTEM privileges.
CVE-2026-21519 | Desktop Window Manager Elevation of Privilege Vulnerability
CVE-2026-21519 is an EoP vulnerability affecting Desktop Window Manager, a Windows service used to render the graphical user interface (GUI) in Windows. It was assigned a CVSSv3 score of 7.8 and rated as important. A local, authenticated attacker could exploit this vulnerability to elevate to SYSTEM privileges. According to Microsoft, this vulnerability was exploited in the wild as a zero-day.
CVE-2026-21514 | Microsoft Word Security Feature Bypass Vulnerability
CVE-2026-21514 is a security feature bypass vulnerability affecting Microsoft Word. It was assigned a CVSSv3 score of 7.8 and rated as important. Successful exploitation requires an attacker to convince a user to open a crafted Office file. According to the Microsoft advisory, the preview pane is not an attack vector. This vulnerability was publicly disclosed prior to a patch being made available and was also exploited in the wild as a zero-day. Microsoft credited the discovery of this vulnerability to an Anonymous researcher, Google Threat Intelligence Group, Microsoft Threat Intelligence Center (MSTIC), Microsoft Security Response Center (MSRC) and Office Product Group Security Team.
CVE-2026-21525 | Windows Remote Access Connection Manager Denial of Service Vulnerability
CVE-2026-21525 is a denial of service (DoS) vulnerability affecting Windows Remote Access Connection Manager (also known as RasMan), a tool used for the management of multiple remote desktop connections. It was assigned a CVSSv3 score of 6.2, was rated as important and was exploited in the wild. While no information has been released about the exploitation of this DoS, the advisory credits the 0patch vulnerability research team for reporting this flaw.
CVE-2026-21513 | MSHTML Framework Security Feature Bypass Vulnerability
CVE-2026-21513 is a security feature bypass vulnerability in the MSHTML Framework. It was assigned a CVSSv3 score of 8.8 and rated as important. According to Microsoft, it was both exploited in the wild and publicly disclosed prior to a patch being available. Successful exploitation of this flaw requires an attacker to convince a potential victim into opening either a malicious HTML file or a shortcut (.lnk) file. Like similar security feature bypass flaws, this vulnerability can bypass protection prompts that would caution a user before opening a file.
CVE-2026-21511 | Microsoft Outlook Spoofing Vulnerability
CVE-2026-21511 is a spoofing vulnerability affecting Microsoft Outlook. It was assigned a CVSSv3 score of 7.5 and was rated as important. The spoofing vulnerability is the result of a deserialization of untrusted data flaw, which an attacker can trigger using a crafted email. Microsoft notes that the preview pane is an attack vector for this flaw. CVE-2026-21511 was assessed as “Exploitation More Likely” according to Microsoft’s Exploitability Index.
Tenable Solutions
A list of all the plugins released for Microsoft’s February 2026 Patch Tuesday update can be found here. As always, we recommend patching systems as soon as possible and regularly scanning your environment to identify those systems yet to be patched.
For more specific guidance on best practices for vulnerability assessments, please refer to our blog post on How to Perform Efficient Vulnerability Assessments with Tenable.
Get more information
- Microsoft's February 2026 Security Updates
- Tenable plugins for Microsoft February 2026 Patch Tuesday Security Updates
Join Tenable's Research Special Operations (RSO) Team on Tenable Connect and engage with us in the Threat Roundtable group for further discussions on the latest cyber threats.
Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.
Research Special Operations
The Research Special Operations (RSO) team serves as Tenable’s Forward Logistics Element in the threat landscape, providing customers with the analyses and contextualized exposure intelligence required to manage risks to critical business assets. With over 150 years of collective expertise, this hand-picked group of world-class security researchers is united with one mission: to cut through the noise and deliver critical intelligence about the most dangerous cyber threats emerging right now. Uniting the missions of the Tenable Security Response, Zero-Day Research, and Decision Science Operations teams, RSO disseminates timely, accurate, and actionable information about the latest threats and exposures.
- Exposure Management
Cybersecurity news you can use
Enter your email and never miss timely alerts and security guidance from the experts at Tenable.
如有侵权请联系:admin#unsafe.sh