Six of the 59 vulnerabilities Microsoft revealed in its most recent security update are already being actively exploited by attackers, so security teams should view February's Patch Tuesday as more of an active defense exercise than merely routine maintenance. Three of the six zero-day vulnerabilities are security feature bypass flaws in various Microsoft products, which is especially concerning for businesses as it allows attackers to circumvent the defenses that are in place. Microsoft highlighted its urgency by issuing an out-of-band for one of the zero-days.

Elevation-of-privilege vulnerabilities, which give an attacker administrator-level access to compromised systems, account for two of the remaining actively exploited vulnerabilities. The other vulnerability permits denial-of-service attacks.

Microsoft evaluated five additional CVEs it revealed this week as vulnerabilities that attackers are "more likely" to exploit, if that wasn't enough to keep administrators occupied. Related:Fortinet Verifies New Zero-Day Behind Malicious SSO Logins CVE-2026-21519 (CVSS 6.2) and CVE-2026-21533 Both give attackers the ability to elevate their system privileges to administrator-level access. Windows Remote Access Connection Manager's CVE-2026-21525 (CVSS 6.2) vulnerability enables a local denial-of-service attack.

According to a prepared statement from Ryan Braunstein, security manager at Automox, "An attacker with a foothold as a standard, non-admin user can run a small script that crashes the RAS manager service." He pointed out that "the attack requires no elevated privileges and can be triggered after initial access through phishing or a malicious browser extension."

"Its potential for disruption is significant," Braunstein continued, even though the vulnerability does not allow for code execution or data theft.