Microsoft Patches Actively Exploited Zero-Day in Windows Shell (CVE-2026-21510)
Microsoft’s February 2026 Patch Tuesday addressed a critical zero-day vulnerability in Windows Shell, tracked as CVE-2026-21510, which is under active exploitation. The flaw, rated 8.8 (Important) on the CVSS scale, allows attackers to bypass security protections in Windows, enabling malicious code execution without user warnings.
The vulnerability resides in how Windows Shell processes certain file types, specifically evading the "Mark of the Web" feature Microsoft’s mechanism that triggers SmartScreen and user prompts for untrusted files downloaded from the internet. By crafting malicious shortcuts or links, attackers can execute arbitrary code silently when a user interacts with the file, circumventing standard security checks.
Affected systems include a broad range of Windows versions:
- Windows 10: 1607, 1809, 21H2, 22H2
- Windows 11: 23H2, 24H2, 25H2, 26H1
- Windows Server: 2012, 2012 R2, 2016, 2019, 2022, 2025
Microsoft confirmed the flaw’s exploitation in the wild, urging immediate patching via Windows Update (released February 10, 2026). The discovery was credited to researchers from Microsoft Threat Intelligence Center (MSTIC) and Google Threat Intelligence Group, underscoring its severity and cross-industry scrutiny.
Source: https://cybersecuritynews.com/windows-shell-security-feature-0-day/
Microsoft cybersecurity rating report: https://www.rankiteo.com/company/Microsoft
"id": "MIC1770796415",
"linkid": "Microsoft",
"type": "Vulnerability",
"date": "2/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Software',
'location': 'Global',
'name': 'Microsoft',
'type': 'Technology Company'}],
'attack_vector': 'Malicious shortcuts or links',
'customer_advisories': 'Users urged to apply the February 2026 Patch Tuesday '
'updates immediately.',
'data_breach': {'file_types_exposed': 'Shortcuts or links'},
'date_publicly_disclosed': '2026-02-10',
'date_resolved': '2026-02-10',
'description': 'Microsoft’s February 2026 Patch Tuesday addressed a critical '
'zero-day vulnerability in Windows Shell, tracked as '
'CVE-2026-21510, which is under active exploitation. The flaw '
'allows attackers to bypass security protections in Windows, '
'enabling malicious code execution without user warnings by '
"evading the 'Mark of the Web' feature.",
'impact': {'operational_impact': 'Arbitrary code execution without user '
'warnings',
'systems_affected': 'Windows Shell processing'},
'investigation_status': 'Patched',
'post_incident_analysis': {'corrective_actions': 'Patch released to address '
'the vulnerability.',
'root_causes': 'Flaw in Windows Shell processing '
'of certain file types, evading '
"'Mark of the Web' feature."},
'recommendations': 'Immediate patching via Windows Update to mitigate the '
'vulnerability.',
'references': [{'source': 'Microsoft Threat Intelligence Center (MSTIC) and '
'Google Threat Intelligence Group'}],
'response': {'communication_strategy': 'Public disclosure via Patch Tuesday',
'containment_measures': 'Patch released via Windows Update',
'remediation_measures': 'Immediate patching recommended'},
'title': 'Microsoft Patches Actively Exploited Zero-Day in Windows Shell '
'(CVE-2026-21510)',
'type': 'Zero-Day Vulnerability',
'vulnerability_exploited': 'CVE-2026-21510'}