0-Day Vulnerabilities in Microsoft Six zero-day vulnerabilities that impact Microsoft products have been added to the U.S This article explores vulnerabilities microsoft. . Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulnerabilities (KEV) Catalog in an urgent effort to increase its scope.

This action highlights the growing dangers posed by nation-state actors and cybercriminals who are actively taking advantage of these vulnerabilities in the wild. Under Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch (FCEB) agencies are now required to patch by the dates specified by CISA. Additionally, CISA encourages all organizations to give remediation top priority in order to reduce widespread risks. Find out more Tools for ethical hacking Windows security software that detects malware In 2022, BOD 22-01 created the KEV Catalog, which is a prioritized list of CVEs that represent a "significant risk" to federal networks.

Threat intelligence, incident response trigger additions, and vendor reports all provide proof of active exploitation. These six entries draw attention to enduring weaknesses in the Microsoft ecosystem that serve as key points of attack for lateral movement, ransomware, and espionage. Microsoft Windows Shell Protection Mechanism Failure Affects Windows Shell, allowing unauthorized attackers to circumvent security features over a network.

This is one of six Microsoft 0-Day Vulnerabilities (CVE-2026-21510). Although the CVSS score is still pending, exploitation allows RCE through specially created files or network payloads. For first access, attackers use social engineering in conjunction with this. Microsoft MSHTML Framework CVE-2026-21513 A flaw in the MSHTML engine allows for remote security feature circumvention.

Even though Internet Explorer has been deprecated, users are still exposed by legacy integrations in Edge and Office. Exploits, which are seen in phishing campaigns aimed at businesses, involve malicious web content that corrupts memory.

CVE-2026-21514: Microsoft Office Word Dependency on Untrusted Inputs Word's parsing incorrectly handles untrusted inputs, which causes local privilege escalation. Attackers circumvent Protected View by delivering via malicious.docx files. In recent APT operations, this has encouraged document-based malware droppers.

CVE-2026-21519: Local privilege escalation is made possible by a Microsoft Windows Type Confusion Desktop Window Manager (DWM) type confusion vulnerability. After initial footholds, post-exploitation chains frequently exploit for SYSTEM-level access by authorized users (e.g., low-priv accounts). CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Remote Access Connection Manager experiences a NULL pointer dereference, resulting in local denial-of-service (DoS). Although it isn't RCE, it interferes with remote access and VPN, which helps with DoS-for-ransom or divert attention from more serious attacks.

CVE-2026-21533: Remote Desktop Services for Windows Through incorrect handling, a vulnerability in RDS permits local privilege escalation.

Exploits that give attackers administrator rights on compromised endpoints are essential for remote work environments because they allow for persistence and lateral movement. In February 2026, Microsoft released patches. Patch Tuesday, validating evidence of public exploits.

Complete information can be found in CVE records and CISA's KEV Catalog. Find out more Control of computer access Features of a security author Cybersecurity There is a pattern to these zero-days: According to CISA data, Microsoft was the target of 80% of 2025 KEV additions. They are used by malicious actors, such as Chinese state-sponsored organizations like Salt Typhoon, to compromise supply chains and exfiltrate data. Systems that are not patched run the risk of being automatically scanned by programs like Shodan, which increases the speed of breaches.

FCEB remediation must be completed within weeks, according to BOD 22-01; non-compliance puts audits at risk. KEV should be incorporated into vulnerability management tools in the private sector. Take immediate action by using Intune or WSUS to apply Microsoft patches.

Turn on automatic updates. Detection: Use EDR to look for IOCs (e.g., Defender indicators from MSRC). GitHub is seeing the emergence of YARA rules for exploit patterns.

Mitigations include auditing Office macros, disabling RDS when not in use, and enforcing AppLocker. Networks should be divided according to Zero Trust. Long-Term: Use behavioral analytics to transition to endpoint detection response (EDR); perform red-team exercises that mimic KEV chains. The CISA catalog is updated every week and currently has over 1,200 entries.

X for daily cybersecurity updates, LinkedIn, and recent breaches like the 2025 Change Healthcare hack, which was caused by unpatched KEVs, are more likely to affect organizations that ignore it. To have your stories featured, get in touch with us.