Microsoft: Windows Shell Zero-Day Vulnerability Allows Attackers to Bypass Authentication

Microsoft Warns of Actively Exploited Zero-Day in Windows Shell (CVE-2026-21510)

Microsoft has issued an urgent security alert for a high-severity zero-day vulnerability (CVE-2026-21510) in the Windows Shell, currently under active exploitation. The flaw, rated 8.8 on the CVSS scale, allows attackers to bypass critical security features, including SmartScreen and user prompts, enabling malicious code execution without warnings.

The vulnerability stems from a flaw in how the Windows Shell processes certain file metadata, allowing attackers to craft deceptive shortcuts (LNK files) or phishing links that appear legitimate. When opened, these files execute malicious payloads with the same trust level as local files, evading the "Mark of the Web" safeguard designed to flag downloaded content.

Affected systems include nearly all supported Windows versions: Windows 10 and 11 (21H2 through 25H2), as well as Windows Server 2012, 2016, 2019, 2022, and 2025. Microsoft credits the discovery to its Threat Intelligence Center (MSTIC) and Google’s Threat Intelligence Group.

Patches were released in the February 2026 Security Updates (e.g., KB5077179 for Windows 11, KB5075912 for Windows 10), with Microsoft urging immediate deployment to mitigate ongoing attacks. Until applied, users are advised to exercise caution with untrusted shortcuts and links.
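
For reviewing shortcuts that reached a machine before the update was applied, the following Python sketch is an added example, not code from Microsoft or the original article. It recognises Shell Link content by its header regardless of file name and reads the Mark of the Web from the text of the file's `Zone.Identifier` stream; the function names and sample data are constructed for illustration. Because the article says exploitation evades the Mark of the Web warning, the mark is used here only to find downloaded shortcuts for review, not as evidence that a warning was shown.

```python
import configparser
import struct

# ShellLinkHeader (MS-SHLLINK): HeaderSize 0x4C, then the LinkCLSID
# 00021401-0000-0000-C000-000000000046 in its on-disk byte order.
LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
ZONES = {0: "Local machine", 1: "Intranet", 2: "Trusted", 3: "Internet", 4: "Restricted"}


def is_shell_link(data: bytes) -> bool:
    """True when the bytes start with a valid ShellLinkHeader, whatever the file is named."""
    if len(data) < LNK_HEADER_SIZE:
        return False
    (size,) = struct.unpack_from("<I", data, 0)
    return size == LNK_HEADER_SIZE and data[4:20] == LNK_CLSID


def parse_zone_identifier(text: str):
    """Parse Zone.Identifier stream text; return (zone_id, host_url) or (None, None)."""
    ini = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        ini.read_string(text.lstrip("\ufeff"))
        section = ini["ZoneTransfer"]
        return int(section["ZoneId"]), section.get("HostUrl")
    except (configparser.Error, KeyError, ValueError):
        return None, None


def triage(data: bytes, zone_text=None) -> str:
    """Classify one file taken from a download or mail-attachment directory."""
    if not is_shell_link(data):
        return "not-a-shortcut"
    zone_id, host = parse_zone_identifier(zone_text or "")
    if zone_id is None:
        return "shortcut-without-motw"  # review: mark missing or stripped
    if zone_id >= 3:
        return f"downloaded-shortcut ({ZONES.get(zone_id, zone_id)}, from {host or 'unknown'})"
    return "local-shortcut"


# Constructed samples: a bare 76-byte header and a typical browser-written stream.
SAMPLE_LNK = struct.pack("<I", LNK_HEADER_SIZE) + LNK_CLSID + bytes(56)
SAMPLE_ZONE = "[ZoneTransfer]\r\nZoneId=3\r\nHostUrl=https://downloads.example/invoice.lnk\r\n"

if __name__ == "__main__":
    print(triage(SAMPLE_LNK, SAMPLE_ZONE))
    print(triage(SAMPLE_LNK))
    print(triage(b"plain text"))
```

On a Windows host the stream text can be read by opening `<path>:Zone.Identifier`; on a forensic image it is the file's alternate data stream of that name.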

Source: https://gbhackers.com/windows-shell-zero-day-vulnerability/

Microsoft Security Response Center cybersecurity rating report: https://www.rankiteo.com/company/microsoft-security-response-center

"id": "MIC1770796471",
"linkid": "microsoft-security-response-center",
"type": "Vulnerability",
"date": "2/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"