MS Family February 2026 Routine Security Update Advisory
Overview
Microsoft(https://www.microsoft.com) has released a security update that fixes vulnerabilities in products it has supplied. users of affected products are advised to update to the latest version.
Affected Products
Apps family
Windows Notepad
Azure Family
Azure AI Language Authoring
Azure DevOps Server 2022
Azure HDInsight
Azure IoT Explorer
Azure Local
Microsoft ACI Confidential Containers
Developer Tools suite
.NET 10.0 installed on Linux
.NET 10.0 installed on Mac OS
.NET 10.0 installed on Windows
.NET 8.0 installed on Linux
.NET 8.0 installed on Mac OS
.NET 8.0 installed on Windows
.NET 9.0 installed on Linux
.NET 9.0 installed on Mac OS
.NET 9.0 installed on Windows
Microsoft Visual Studio 2022 version 17.14
Microsoft Visual Studio 2022 version 18.3
Visual Studio Code
ESU Family
Microsoft Exchange Server 2016 Cumulative Update 23
Microsoft Exchange Server 2019 Cumulative Update 14
Microsoft Exchange Server 2019 Cumulative Update 15
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Microsoft Office Suite
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Excel 2016 (32-bit edition)
Microsoft Excel 2016 (64-bit edition)
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2019 for 64-bit editions
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft Office LTSC 2024 for 32-bit editions
Microsoft Office LTSC 2024 for 64-bit editions
Microsoft Office LTSC for Mac 2021
Microsoft Office LTSC for Mac 2024
Microsoft Outlook 2016 (32-bit edition)
Microsoft Outlook 2016 (64-bit edition)
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Server 2019
Microsoft SharePoint Server Subscription Edition
Microsoft Word 2016 (32-bit edition)
Microsoft Word 2016 (64-bit edition)
Office Online Server
Other Suites
GitHub Copilot Plugin for JetBrains IDEs
SQL Server Family
Power BI Report Server
Server Software Suite
Microsoft Exchange Server Subscription Edition RTM
System Center Suite
Microsoft Defender for Endpoint for Linux
Windows Family
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 11 Version 23H2 for ARM64-based Systems
Windows 11 Version 23H2 for x64-based Systems
Windows 11 Version 24H2 for ARM64-based Systems
Windows 11 Version 24H2 for x64-based Systems
Windows 11 Version 25H2 for ARM64-based Systems
Windows 11 Version 25H2 for x64-based Systems
Windows 11 Version 26H1 for ARM64-based Systems
Windows 11 version 26H1 for x64-based Systems
Windows App for Mac
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows Server 2025
Windows Server 2025 (Server Core installation)
Resolved Vulnerabilities
2 vulnerabilities rated Critical and 52 vulnerabilities rated Important were found.
Apps family
Critical-rated remote code execution vulnerability in the Windows Notepad app (CVE-2026-20841)
Azure family
Critical escalation of privilege vulnerability in Azure Compute Gallery (CVE-2026-21522)
Critical information disclosure vulnerability in Azure Compute Gallery (CVE-2026-23655)
Critical-grade spoofing vulnerability in Azure DevOps Server (CVE-2026-21512)
Critical-grade spoofing vulnerability in Azure HDInsights (CVE-2026-21529)
Critical information disclosure vulnerability in Azure IoT SDK (CVE-2026-21528)
Critical remote code execution vulnerability in Azure Local (CVE-2026-21228)
Critical remote code execution vulnerability in Azure SDK (CVE-2026-21531)
Developer Tools suite
Critical spoofing vulnerability in .NET (CVE-2026-21218)
Critical security feature bypass vulnerability in GitHub Copilot and Visual Studio Code (CVE-2026-21518)
Critical elevation of privilege vulnerability in GitHub Copilot and Visual Studio (CVE-2026-21257)
Critical remote code execution vulnerability in GitHub Copilot and Visual Studio (CVE-2026-21523, CVE-2026-21256)
Microsoft Office Suite
Critical elevation of privilege vulnerability in Microsoft Office Excel (CVE-2026-21259)
Critical information disclosure vulnerabilities in Microsoft Office Excel (CVE-2026-21258, CVE-2026-21261)
Critical spoofing vulnerabilities in Microsoft Office Outlook (CVE-2026-21260, CVE-2026-21511)
Critical security feature bypass vulnerability in Microsoft Office Word (CVE-2026-21514)
Other Products
Critical remote code execution vulnerability in Github Copilot (CVE-2026-21516)
SQL Server Family
Critical remote code execution vulnerability in Power BI (CVE-2026-21229)
Server Software Suite
Critical spoofing vulnerability in Microsoft Exchange Server (CVE-2026-21527)
System Center Family
Critical remote code execution vulnerability in Microsoft Defender for Linux (CVE-2026-21537)
Windows family
Critical elevation of privilege vulnerability in Desktop Window Manager (CVE-2026-21519)
Critical Security Feature Bypass Vulnerability in MSHTML Framework (CVE-2026-21513)
Critical elevation of privilege vulnerability in Mailslot File System (CVE-2026-21253)
Critical elevation of privilege vulnerability in Microsoft Graphics Component (CVE-2026-21246, CVE-2026-21235)
Role: Critical Security Feature Bypass Vulnerability in Windows Hyper-V (CVE-2026-21255)
Role: Critical Remote Code Execution Vulnerability in Windows Hyper-V (CVE-2026-21248, CVE-2026-21247, CVE-2026-21244)
Critical elevation of privilege vulnerabilities in Windows Ancillary Function Driver for WinSock (CVE-2026-21236, CVE-2026-21241, CVE-2026-21238)
Critical elevation of privilege vulnerability in Windows App for Mac (CVE-2026-21517)
Critical elevation of privilege vulnerability in Windows Cluster Client Failover (CVE-2026-21251)
Critical elevation of privilege vulnerability in Windows Connected Devices Platform Service (CVE-2026-21234)
Critical denial of service vulnerability in Windows GDI+ (CVE-2026-20846)
Critical elevation of privilege vulnerabilities in Windows HTTP.sys (CVE-2026-21250, CVE-2026-21240, CVE-2026-21232)
Critical elevation of privilege vulnerabilities in Windows Kernel (CVE-2026-21239, CVE-2026-21231, CVE-2026-21245)
Critical information disclosure vulnerability in the Windows Kernel (CVE-2026-21222)
Critical denial of service vulnerability in Windows LDAP – Lightweight Directory Access Protocol (CVE-2026-21243)
Critical spoofing vulnerability in Windows NTLM (CVE-2026-21249)
Moderate denial of service vulnerability in Windows Remote Access Connection Manager (CVE-2026-21525)
Critical elevation of privilege vulnerability in Windows Remote Desktop (CVE-2026-21533)
Critical security feature bypass vulnerability in Windows Shell (CVE-2026-21510)
Critical elevation of privilege vulnerability in Windows Storage (CVE-2026-21508)
Critical elevation of privilege vulnerabilities in Windows Subsystem for Linux (CVE-2026-21242, CVE-2026-21237)
Critical remote code execution vulnerability in Windows Win32K – GRFX (CVE-2023-2804)
Vulnerability Patches
The following product-specific Vulnerability Patches were made available with the February 10, 2026 Update. Please use the Windows Update feature for automatic installation or refer to the URLs in the product information below to download and install.