6 Actively Exploited Zero-Days Patched by Microsoft With February 2026 Updates

SecurityWeekhas reached out to both Acros and CrowdStrike for information on the attacks exploiting the zero-days and will update this article if they respond.In addition to Windows and Office, Microsoft has patched vulnerabilities in Azure, Windows Defender, Exchange Server, .NET, GitHub Copilot, Edge, and Power BI.Related:Patch Tuesday: Adobe Fixes 44 Vulnerabilities in Creative AppsRelated:Russia’s APT28 Rapidly Weaponizes Newly Patched Office VulnerabilityRelated:SmarterTools Hit by Ransomware via Vulnerability in Its Own Product

In addition to Windows and Office, Microsoft has patched vulnerabilities in Azure, Windows Defender, Exchange Server, .NET, GitHub Copilot, Edge, and Power BI.Related:Patch Tuesday: Adobe Fixes 44 Vulnerabilities in Creative AppsRelated:Russia’s APT28 Rapidly Weaponizes Newly Patched Office VulnerabilityRelated:SmarterTools Hit by Ransomware via Vulnerability in Its Own Product

Related:Patch Tuesday: Adobe Fixes 44 Vulnerabilities in Creative AppsRelated:Russia’s APT28 Rapidly Weaponizes Newly Patched Office VulnerabilityRelated:SmarterTools Hit by Ransomware via Vulnerability in Its Own Product

Related:Russia’s APT28 Rapidly Weaponizes Newly Patched Office VulnerabilityRelated:SmarterTools Hit by Ransomware via Vulnerability in Its Own Product

Related:SmarterTools Hit by Ransomware via Vulnerability in Its Own Product

Eduard Kovacs (@EduardKovacs) is the managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Attendees will walk away with guidance for how to build robust identity defenses, unify them under a consistent security model, and ensure business operations move quickly without compromise.

SecurityWeek’s 2026 Ransomware Summit will discuss a roadmap for defending the enterprise, from mitigating root causes to mastering recovery, giving security teams the critical insights needed to navigate and neutralize today’s ransomware extortion threats.

Source: SecurityWeek