Zero Day Initiative | Blog
Follow
The February 2026 Security Update Review
The post discusses the February 2026 Patch Tuesday updates from Adobe and Microsoft. Adobe released patches for various applications, with After Effects receiving the most significant update, fixing several critical bugs. None of Adobe's fixes were actively exploited or publicly known at the time of release. Microsoft's update addresses 62 CVEs across multiple products, and six are actively exploited, a higher-than-usual number. Several critical vulnerabilities are highlighted, including Windows Shell and Internet Explorer security bypasses, which could lead to code execution. The DWM elevation of privilege vulnerability makes a second consecutive appearance as an actively exploited vulnerability. A Windows Remote Desktop Services privilege escalation bug is also actively exploited. The post urges quick testing and deployment of these specific Microsoft patches. Microsoft also addressed vulnerabilities in Azure, .NET, Office, and other components. The high number of actively exploited bugs raises concerns about a resurgence of widespread exploitation.