Microsoft Patches Critical Zero-Day Vulnerabilities in February Update
Microsoft Patches Critical Zero-Day Vulnerabilities in February Update
On February 13, 2026, Microsoft issued its February Patch Tuesday update, addressing six critical zero-day vulnerabilities that were actively exploited in the wild. Notably, vulnerabilities affecting Windows Shell and MSHTML were among those patched, with CVSS scores reaching as high as 8.8, highlighting their severity. Users are urged to apply these patches immediately to secure their systems against potential exploitation.
Additionally, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) identified a critical remote code execution vulnerability in Microsoft Configuration Manager (CVE-2024-43468). This flaw is currently being exploited, and CISA mandates that federal agencies apply patches by March 5, 2026, to prevent possible attacks.
In related news, the repercussions of the Conduent ransomware attack from January 2025 have widened, affecting around 25 million individuals and involving the exposure of sensitive information like Social Security numbers and medical records. Conduent now faces multiple lawsuits as the impact of the breach becomes clearer.
Lastly, a pre-authentication remote code execution vulnerability in BeyondTrust’s Remote Support and Privileged Remote Access products (CVE-2026-1731) has been reported as actively exploited, prompting urgent patching measures from affected organizations. Meanwhile, Betterment revealed a data breach affecting 1.4 million accounts, although no login credentials were compromised, providing some reassurance to its customers.
The significant number of vulnerabilities and breaches reported today underscores the ongoing challenges faced by organizations in securing their systems and protecting sensitive information.
Also In Security Today
- CISA Critical Flaws Identified: CISA has flagged a remote code execution vulnerability in Microsoft Configuration Manager (CVE-2024-43468), requiring federal agencies to apply patches by March 5, 2026, to mitigate risks. Read more
- Conduent Ransomware Attack Update: The fallout from Conduent’s January 2025 ransomware incident now affects 25 million individuals, with sensitive data exposure leading to multiple lawsuits against the company. Read more
- BeyondTrust Vulnerability: A critical pre-authentication vulnerability (CVE-2026-1731) in BeyondTrust’s products is being actively exploited, necessitating immediate patching by affected organizations. Read more
- Betterment Data Breach: Automated investment platform Betterment disclosed a data breach affecting 1.4 million accounts, with no login credentials compromised, ensuring customer account security remains intact. Read more