WASHINGTON, February 13, 2026 — Microsoft is scrambling to patch 58 vulnerabilities across its widely used software, including a particularly alarming six zero-day exploits currently under active attack. The Cybersecurity and Infrastructure Security Agency (CISA) has issued a firm deadline of March 3 for federal agencies to apply these critical updates.
Urgent Updates Address Actively Exploited Flaws
Microsoft’s February Patch Tuesday addresses a significant wave of security risks, demanding immediate attention from users and IT professionals alike.
- The update addresses 58 vulnerabilities in total.
- Six of these vulnerabilities are zero-day exploits, meaning they were actively being exploited before a patch was available.
- Affected products include Windows, Microsoft Office, and the Remote Desktop Protocol (RDP).
- CISA has mandated federal agencies apply the updates by March 3.
These vulnerabilities span a broad range of Microsoft products, with Windows, Office, and the Remote Desktop Protocol (RDP) being particularly affected. A zero-day vulnerability is especially concerning because attackers can exploit it before developers have a chance to release a fix, leaving systems exposed. Addressing these flaws is crucial for maintaining system security and protecting against potential breaches.
What are Zero-Day Vulnerabilities?
Zero-day vulnerabilities represent a critical threat to cybersecurity. They are flaws in software that are unknown to the vendor, meaning there is no patch available when the vulnerability is first exploited. This gives attackers a window of opportunity to compromise systems before defenses can be put in place.
What is the primary concern with these updates? Microsoft’s February Patch Tuesday fixes six zero-day vulnerabilities that are currently under attack, posing an immediate risk to users. The vulnerabilities allow for remote code execution, potentially giving attackers control over affected systems.
Affected Products and Severity
The vulnerabilities impact a wide array of Microsoft products. Windows remains a primary target, with several critical vulnerabilities identified. Microsoft Office is also affected, potentially exposing users to risks through malicious documents. RDP, a common tool for remote access, also contains vulnerabilities that could allow attackers to gain unauthorized access to systems.
CISA’s directive underscores the severity of these vulnerabilities. The agency’s March 3 deadline for federal agencies highlights the urgency of applying these updates to protect critical infrastructure and sensitive data. Organizations beyond the federal government are strongly encouraged to prioritize these updates as well.
