TECHFIXBK BLOG
Windows Security Update: 6 Zero-Days and Secure Boot Crisis
Windows Security Update: 6 Zero-Days and Secure Boot Crisis
February 2026 Patch Tuesday fixes 6 actively exploited zero-days. Learn about SolarWinds vulnerabilities, mandatory MFA, and the June Secure Boot deadline.
Microsoft releases February 2026 patches for 58 vulnerabilities as critical Secure Boot certificates approach expiration.
Hook & Who This Is For (Intro)
Keeping a computer secure often feels like a constant race against hidden digital threats. The February 2026 Patch Tuesday highlights this ongoing challenge, as Microsoft has released fixes for 58 different vulnerabilities [23]. Among these are six zero-day vulnerabilities that were already being actively exploited by attackers before an official fix was available [8][23].
This article is intended for Windows 10 and Windows 11 users, as well as IT administrators responsible for maintaining organizational security. It covers the critical security updates released in February 2026, the ongoing transition to new Secure Boot certificates, and security improvements for the .NET Framework [8][10][23].
The information provided focuses on software-level security patches and configuration changes. It does not cover physical hardware repairs or specific BIOS update procedures for every individual laptop or motherboard manufacturer.
Who this is for:
- Windows Home Users: Individuals running Windows 10 or 11 who need to understand how these updates impact their system stability and security [13][15].
- IT Administrators: Professionals managing device fleets via tools like Microsoft Intune or Windows Autopatch [9].
- Developers: Those utilizing .NET 8.0, 9.0, or 10.0 who must address newly identified security feature bypass vulnerabilities [10].
- Organization Leaders: Decision-makers planning for the expiration of original Secure Boot certificates in June 2026 [13][15].
TL;DR / What This Means for You
The February 2026 security landscape is dominated by active exploitation of high-severity vulnerabilities and significant changes to administrative access requirements. Here is what you need to know:
- Active Exploitation of Web Help Desk: Threat actors are actively exploiting multiple vulnerabilities in SolarWinds Web Help Desk (
CVE-2025-40551,CVE-2025-40536, andCVE-2025-26399) to perform remote code execution and credential theft [2][7][8]. - Mandatory MFA Enforcement: Starting February 9, 2026, Microsoft is ramping up enforcement of multifactor authentication (MFA); users will be unable to sign in to the Microsoft 365 admin center without it [1][11].
- Phasing Out Legacy Protocols: Windows is officially moving away from NTLM authentication in favor of stronger Kerberos-based alternatives to prevent relay and Pass-the-Hash attacks [3][4][10].
- New "CrashFix" Malware: A new variant of the Clickfix social engineering attack, known as "CrashFix," is emerging [8]. It intentionally crashes browsers to trick users into running commands that deploy a Python Remote Access Trojan (RAT) [8].
- Secure Boot and DPAPI Updates: The January and February 2026 updates introduce automated Secure Boot certificate management via Microsoft Intune and automatic rotation for DPAPI domain backup keys [3][9].
Risk Note: While these updates significantly strengthen infrastructure security, the transition away from legacy systems like NTLM or the disabling of Windows Deployment Services (WDS) hands-free mode may require manual configuration to avoid disrupting older internal workflows [1][9]. Organizations should verify compatibility before enforcing strict Kerberos-only environments [3].
Key Sources (Quick Links)
- Monthly news - February 2026 | Microsoft Community Hub [1]
- Microsoft Launches AI QuickStart Programme with Support from IMDA and UOB - S... [2]
- Safer Internet Day 2026: Helping students be AI aware | Microsoft Education Blog [3]
Background / Basics
To understand the scale of the February 2026 security updates, it is helpful to define how Microsoft manages system vulnerabilities. Microsoft follows a monthly release schedule known as Patch Tuesday, which occurs on the second Tuesday of every month [1][23][67]. On February 10, 2026, the company released patches for approximately 58 to 61 security flaws across Windows, Office, and other services [10][23][67].
Understanding Key Security Terms
Security reports use specific terminology to describe the severity and nature of these threats. Understanding these terms is essential for evaluating the risk to your hardware and data:
- Zero-Day Vulnerability: A flaw that is either publicly known or already being exploited by hackers before an official fix is available [23][57].
- CVE (Common Vulnerabilities and Exposures): A unique identifier, such as
CVE-2026-21510, assigned to a specific security hole to help IT professionals track and patch it [10][46]. - Elevation of Privilege (EoP): A type of attack where a user gains higher access levels—such as SYSTEM privileges—than they are officially allowed [23][46].
- Remote Code Execution (RCE): A critical flaw that allows an attacker to run malicious commands on your computer from a different location [23][46].
The Current Threat Landscape
The February 2026 update is notable because it addresses six zero-day vulnerabilities that were actively exploited in the wild prior to the release [23][57][67]. Industry analysts suggest the number of bugs under active attack this month is "extraordinarily high," matching previous record peaks in vulnerability activity [57][13].
| Vulnerability Type | General Impact |
|---|---|
| Security Feature Bypass | Attackers can ignore Windows safety warnings, like SmartScreen [23]. |
| Information Disclosure | Private data or system details may be leaked to unauthorized parties [23][46]. |
| Denial of Service (DoS) | Attackers can crash a system or service, making it unusable for legitimate users [23][46]. |
Long-Term System Changes
Beyond immediate security fixes, Microsoft is using this update cycle to manage the lifecycle of core Windows components. This includes the phased rollout of new Secure Boot certificates to replace original versions from 2011 that are set to expire in late June 2026 [23][1][9].
Additionally, Windows is continuing to transition away from older authentication models. The system is gradually phasing out NTLM (New Technology LAN Manager) in favor of Kerberos, a more secure alternative for verifying user identities on a network [1][9][15]. This shift is intended to reduce the risk of credential theft and lateral movement by attackers [1][7].
Problem Explanation (What's Going On?)
Recent security analysis confirms that attackers have been actively exploiting vulnerabilities in SolarWinds Web Help Desk (WHD) to compromise IT environments [10][13]. These intrusions, which began appearing in late 2025 and continued into early 2026, allow unauthorized users to move laterally through networks and steal high-privilege credentials [13].
The practical impact of these exploits is significant. Researchers have observed attackers using Background Intelligent Transfer Service (BITS) for payload delivery, establishing reverse SSH shells for tunneling, and performing DLL sideloading to maintain persistence [10]. In some cases, the activity progressed to DCSync attacks, which involve the unauthorized replication of directory services to compromise entire domains [10].
Key Vulnerabilities Under Observation
Security teams are currently monitoring several specific Common Vulnerabilities and Exposures (CVEs) associated with these attacks. While some patches are available, the exact flaw being abused in every instance remains under investigation [13].
| CVE Identifier | Primary Risk | Status |
|---|---|---|
| CVE-2025-40551 | Remote Code Execution (RCE) | Active Exploitation Reported [10][13] |
| CVE-2025-40536 | Unauthorized Access | Active Exploitation Reported [10][13] |
| CVE-2025-26399 | Credential Theft | Under Investigation [13] |
The Secure Boot "Degraded State"
Beyond active software exploits, a systemic issue involves the expiration of original Secure Boot certificates [3]. Microsoft and major PC manufacturers have indicated that the original 2011-era certificates are set to expire in June 2026 [3][4]. While devices will continue to function immediately after expiration, they enter what is described as a "degraded security state" [4][8].
This state carries long-term operational risks for both home users and organizations:
- Limited Protections: Systems may lose the ability to receive new boot-level security mitigations [4].
- Compatibility Failures: Over time, newer operating systems, firmware, or hardware may fail to load if the 2023-era certificates are not installed [3][8].
- Boot Issues: For some PCs, the expiration could eventually prevent the installation of newer OS versions entirely [3].
The transition is a "generational refresh" of the trust foundation for modern PCs [5]. For most users, Windows Update is expected to handle the certificate replacement automatically [6]. However, a small fraction of devices may require manual firmware updates from the manufacturer to successfully apply these changes [6].
Root Causes / Analysis (Why Is This Happening?)
The current surge in exploitation involves a combination of critical software flaws, sophisticated evasion techniques, and the persistence of insecure legacy protocols. Investigations into recent campaigns, particularly those targeting SolarWinds Web Help Desk (WHD), highlight how attackers capitalize on these specific weaknesses [7][32].
Confirmed Technical Causes
- Untrusted Data Deserialization: A primary driver for recent remote code execution (RCE) is the failure of applications to properly sanitize data before processing [7][32]. For example, CVE-2025-40551 is a critical vulnerability (9.8 CVSS) that allows unauthenticated attackers to execute arbitrary commands by exploiting this deserialization flaw [32].
- Recurring Patch Bypasses: Several vulnerabilities have emerged as "bypasses" of previous security fixes [32]. CVE-2025-26399 was identified as a patch bypass for CVE-2024-28988, which itself was a fix for an earlier vulnerability [32]. This suggests that complex code structures can potentially make effective remediation difficult for vendors to implement in a single update [32].
- Security Control Bypasses: Vulnerabilities like CVE-2025-40536 allow unauthenticated users to gain access to restricted administrative functionalities [7][32]. These bypasses often serve as an initial foothold, enabling further lateral movement within a network [7][13].
- Legacy Protocol Exploitation: Threat actors continue to abuse New Technology LAN Manager (NTLM) authentication through techniques like Pass-the-Hash and NTLM relay [5][11]. These outdated protocols can allow attackers to bypass password complexity requirements and compromise entire domains [11].
Observed Attack Tradecraft
Security researchers have identified specific patterns in how these vulnerabilities are used during active intrusions:
| Technique | Method of Operation | Impact |
|---|---|---|
| Living-off-the-land | Using legitimate tools like PowerShell, certutil, and BITS [1][7]. |
Reduces the likelihood of detection by security software [7][13]. |
| DLL Sideloading | Abusing wab.exe to load malicious sspicli.dll files [2][7]. |
Enables credential theft from LSASS memory while avoiding standard dumping patterns [2][7]. |
| Virtualization Hiding | Creating scheduled tasks to launch QEMU virtual machines under the SYSTEM account [2][9]. |
Effectively hides malicious activity within a virtualized environment [9]. |
Hypotheses and Unverified Factors
While the technical flaws are documented, some aspects of the current threat landscape remain under investigation:
- Foothold Ambiguity: In some cases, it is currently impossible to confirm which specific vulnerability was used for initial access [13][32]. Because attacks in December 2025 occurred on machines vulnerable to both old and new CVEs simultaneously, researchers can only hypothesize about the exact entry point [13][32].
- Targeting Logic: It appears that threat actors may be prioritizing internet-facing applications that host sensitive data, such as help desk software, to achieve unauthenticated remote access [9][13].
- Exploitation Windows: Analysts suggest that the delay between initial exploitation (December 2025) and public disclosure (January 2026) may have provided attackers with a significant window of opportunity to move laterally before patches were available [13][32].
Evidence & Reality Check
Official documentation and security research from February 2026 confirm a high-pressure security landscape, with multiple vulnerabilities currently under active exploitation [13]. Reports from the Microsoft Security Blog and Windows IT Pro Blog indicate that the latest updates address critical infrastructure flaws and emerging threats to artificial intelligence (AI) systems [9][13].
The following table summarizes the primary security risks and documented threats verified in the current update cycle:
| Threat Type | Identifier / Name | Current Status | Impact |
|---|---|---|---|
| Software Vulnerability | CVE-2025-26399 |
Active Exploitation [13] | SolarWinds Web Help Desk compromise |
| Malware Variant | CrashFix | Increasing Activity [13] | Deploys Python Remote Access Trojans (RAT) |
| AI Security | Memory Poisoning | Documented Trend [13] | Manipulates AI recommendations for profit |
| Firmware Security | Secure Boot Update | Ongoing Rollout [14] | Generational refresh of startup trust |
Verified Infrastructure Risks
Beyond standard software patching, industry experts are monitoring a significant transition in the Secure Boot certificate ecosystem. Documentation confirms that original certificates are set to expire in June 2026, necessitating a "generational refresh" of the trust foundation modern PCs rely on during startup [4][14].
Note: This update is described as an ongoing responsibility shared across the PC ecosystem to ensure that future innovations in hardware and operating systems remain secure [14].
Global Safety Sentiment
Data from the 2026 Global Online Safety Survey provides a reality check on the human impact of these technical risks [7]. After a decade of research involving 130,000 interviews across 37 countries, findings suggest that while connectivity has increased, users feel less safe online [3][7].
- 91% of respondents expressed concerns regarding potential harms introduced by AI technology [7].
- Exposure to digital risks for teenagers has risen, with hate speech (35%) and scams (29%) being the most frequently reported issues [3].
- AI memory manipulation is noted as a growing method for secretly influencing AI-generated summaries and recommendations [13].
These confirmed trends highlight why current security measures focus heavily on "safety-by-design," as the internet has changed profoundly over the last decade [3][7]. Security experts suggest that unless industry-wide collaboration continues, the real-world impact of these evolving risks could limit access to technology for younger users [3][5].
Self-Check / Diagnosis
The February updates address several critical areas, most notably the upcoming Secure Boot certificate expiration and active exploitations of SolarWinds Web Help Desk (WHD). Use the following steps to determine if your systems require immediate intervention.
Step 1: Verify Secure Boot Status
To receive the new certificates, Secure Boot must be active. If it is disabled, the automated update process through Windows Update may not complete successfully [2][7].
- Press
Windows + R, typemsinfo32, and press Enter. - In the System Information window, locate Secure Boot State.
- Ensure it is set to On [2]. If it is Off, you may need to enable it within your PC’s BIOS/UEFI settings [2][3].
Step 2: Check for the 2023 Secure Boot Certificate
You can verify if your system is already using the updated Windows UEFI CA 2023 certificate by running a specific command in PowerShell.
- Right-click the Start button and select Terminal (Admin) or PowerShell (Admin).
- Paste the following command and press Enter:
([System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI db).bytes) -match 'Windows UEFI CA 2023') - If the result is True, your system is currently using the new certificate [2].
- If the result is False, your system is still relying on the 2011 certificates that are set to expire in June 2026 [2][10].
Step 3: Check BIOS/UEFI Firmware Integration
Even if Windows is using the new certificate, it is beneficial to see if the certificate is "baked into" your hardware's firmware. This ensures that a BIOS reset won't revert the system to an unsupported state [3].
- In the same Admin PowerShell window, run:
([System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI dbdefault).bytes) -match 'Windows UEFI CA 2023') - A result of True means your BIOS is fully updated with the new root of trust [3].
- A result of False is common for older PCs; check your manufacturer’s (OEM) support page for a BIOS update [1][3].
Step 4: Identify Vulnerable SolarWinds WHD Instances
For organizations using SolarWinds Web Help Desk, it is critical to identify if your version is vulnerable to CVE-2025-40551 or CVE-2025-40536, which allow unauthenticated remote code execution [15].
- Check Software Version: Review your WHD installation. Versions prior to 2026.1 are likely at risk [8].
- Run Hunting Queries: If you use Microsoft Defender XDR, you can use Kusto Query Language (KQL) to find vulnerable servers:
DeviceTvmSoftwareVulnerabilities | where CveId has_any ('CVE-2025-40551', 'CVE-2025-40536', 'CVE-2025-26399')[8].
Step 5: Look for Indicators of Compromise (IoC)
If you manage a SolarWinds WHD server, check for signs of active exploitation. Attackers have been observed using PowerShell to download payloads via BITS [11][15].
- Suspicious Processes: Monitor for
java.exeorwrapper.exespawningpowershell.exe[8][11]. - Unauthorized Tools: Look for artifacts of Zoho ManageEngine or QEMU virtual machines (
qemu-system-x86_64.exe) being used for persistence [15]. - Log Analysis: Check for unusual
SCHTASKScommands, particularly those creating tasks named TPMProfiler [15].
Warning: If you find evidence of these tools or tasks on your server, the system should be isolated immediately as it may be compromised [9].
Solutions / What to Do
Addressing the vulnerabilities identified in the February 2026 update requires a combination of immediate patching, system verification, and long-term infrastructure planning. Organizations and individual users should prioritize critical fixes for active exploits before moving to preventative maintenance.
Short-Term Options: Immediate Mitigation
The most urgent priority is addressing active exploitation of SolarWinds Web Help Desk (WHD) and ensuring Multifactor Authentication (MFA) is active for administrative accounts.
- Patch and Restrict SolarWinds WHD: Update software to address
CVE-2025-40551,CVE-2025-40536, andCVE-2025-26399immediately [1][11]. Remove public access to admin paths and increase logging on the Ajax Proxy to detect suspicious activity [1]. - Enforce Administrative MFA: Starting February 9, 2026, Microsoft began ramping up enforcement for Microsoft 365 admin center sign-ins [13]. Ensure all administrative accounts have successfully configured MFA to avoid lockout [13].
- Identify and Evict Artifacts: If a compromise is suspected, search for and remove ManageEngine RMM artifacts (such as
ToolsIQ.exe) added after exploitation [1]. - Rotate High-Privilege Credentials: Because threat actors have been observed using DCSync to request password data from domain controllers, you should rotate credentials for all service and administrator accounts reachable from compromised hosts [1][11].
Long-Term Options: System Maintenance and Transitions
Beyond immediate patches, users must prepare for the expiration of Secure Boot certificates and the retirement of specific Microsoft 365 services.
Secure Boot Verification
To ensure systems continue to boot securely after the June 2026 certificate expiration, follow these diagnostic steps:
- Check Current Certificate Status: Open PowerShell as an Administrator and run the following command:
([System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI db).bytes) -match 'Windows UEFI CA 2023')[6]. - Confirm Secure Boot State: Type
Windows + R, entermsinfo32, and verify that Secure Boot State is set to "On" [6]. - Update Firmware: Check your OEM support page to ensure the latest firmware is installed [10][12]. For older PCs, a factory reset of Secure Boot keys within the BIOS may be necessary to clear space in the NVRAM for new certificates [6].
Warning: If performing a factory reset of Secure Boot keys on a system with BitLocker encryption, ensure you have your recovery key available to avoid permanent data loss [6].
Software Lifecycle Planning
Several standalone plans are entering retirement phases. IT teams should begin reviewing tenant usage to ensure continuity:
| Milestone | Date | Impact |
|---|---|---|
| End of Sale | June 2026 | No new tenants/customers for affected standalone plans [12]. |
| End of Life | January 2027 | No further renewals for existing contracts [12]. |
| End of Service | December 2029 | All standalone plans fully retired; must transition to M365 suites [12]. |
Risks & Limitations
While these steps significantly reduce the attack surface, they do not offer absolute protection.
- Degraded Security States: Devices that do not receive the new Secure Boot certificates before the June 2026 deadline will continue to function, but they will enter a degraded security state [9]. This limits the system's ability to receive future boot-level protections and may cause compatibility issues with newer operating systems [9].
- Specialized Systems: Certain IoT or server devices may follow different update processes and should be evaluated individually as part of a specialized deployment plan [12].
- Firmware Dependencies: For a small fraction of devices, the new certificates cannot be applied via Windows Update until a separate firmware update from the manufacturer is manually installed [12].
Risks, Limits, and When to Stop
While addressing security vulnerabilities is critical, implementing large-scale updates and navigating platform transitions involves inherent challenges. It is essential to recognize the boundaries of automated tools and understand when professional intervention is required to maintain system stability.
Technical Risks and Implementation Challenges
Applying major security patches or migrating services often presents unforeseen complications. A single cybersecurity incident or a failed update sequence can disrupt instruction, halt essential services, and erode trust among users and partners [4][13].
Organizations utilizing Microsoft 365 or Azure services must manage the following confirmed risks:
- Service Disruptions: Improperly configured Multi-Factor Authentication (MFA) tokens can lead to service disruptions during enforcement phases [14].
- Data Loss during Migration: The retirement of standalone SharePoint Online and OneDrive for Business plans (announced late January 2026) requires careful data optimization and migration to avoid loss or nonstandard usage [9][14].
- Billing Anomalies: Subscriptions set to "Auto-renew off" may move to Extended Service Terms (EST) or be canceled entirely at expiration, potentially resulting in unexpected billing or loss of service if not managed before the end of the term [15].
Limitations of Digital Safety Tools
Technical patches alone cannot eliminate all digital threats. Evidence from the 2026 Global Online Safety Survey indicates that despite increased reporting behavior, 91% of users remain concerned about harms introduced by AI [2][8].
| Risk Factor | Impact Level | Limitation of Technical Fixes |
|---|---|---|
| Identity-Based Attacks | High | Requires MFA enforcement and correct API token validation to be effective [14]. |
| AI Misuse | Emerging | Technical guardrails must be supplemented by user literacy and critical thinking [1][13]. |
| Social Harms | High | Risks like recruitment and radicalization require specialized educational immersion, not just software updates [6]. |
Current research suggests that unless industry can deliver truly age-appropriate experiences, young people risk losing access to essential technology due to safety concerns [2].
When to Seek Professional Assistance
Certain scenarios exceed the scope of basic troubleshooting and require expert technical or administrative oversight.
Technical Implementation and Migration Consult with technical teams to schedule and test updates if you are managing complex environments, especially those involving user API calls or custom storage infrastructure [10][15]. Professional guidance is recommended when transitioning from retired standalone storage plans to Microsoft 365 suites to ensure continuity [14].
Large-Scale Licensing and Security For organizations managing high-volume deals—where maximum license caps for CSP promotions have increased from 2,400 to 9,999—administrative complexity can rise significantly [10]. Partners and IT leads should utilize Security Immersion Briefings to tackle rising cybersecurity threats rather than attempting to self-manage advanced Defender for Business deployments [10].
Critical Failure Points Stop and seek expert help immediately if:
- MFA enforcement prevents authorized users from accessing the Partner Center or essential APIs [14].
- Data migration for SharePoint or OneDrive results in "unintended or nonstandard usage" alerts [14].
- Subscription statuses move to EST unexpectedly, indicating a failure in the autorenewal logic [15].
FAQ
What are the new security recommendations for Windows workstations?
Microsoft has introduced new Microsoft Secure Score recommendations through Microsoft Defender Vulnerability Management [15]. It is now advised to disable the Remote Registry service to prevent unauthorized configuration changes and lateral movement [15]. Additionally, security guidelines suggest disabling NTLM authentication for Windows workstations to mitigate risks such as credential theft, Pass-the-Hash, and NTLM relay attacks [15].
How is Microsoft changing the way agents are identified in Entra?
Microsoft has launched a Public Preview for Entra Agent IDs, which provides a dedicated identity for automated agents [4]. Previously, agents typically used "User On-Behalf-Of" (OBO) tokens, but the new system allows organizations to build, govern, and protect agents with their own unique identities [4]. This update is intended to extend comprehensive security capabilities to agent-based workflows [4].
What changes have been made to Windows update management via Microsoft Intune?
Starting with the January 2026 security update, the option to install Windows quality updates during the out-of-box experience (OOBE) is no longer enabled by default in Microsoft Intune [7]. Furthermore, Windows Backup for Organizations is expanding to include a new restore experience at first sign-in, allowing Windows 11 users to restore settings and Microsoft Store app lists more efficiently [7].
Is there a deadline for implementing MFA for Partner Center APIs?
Yes, full enforcement of multifactor authentication (MFA) for all Partner Center APIs is scheduled to begin on April 1, 2026 [6]. Any API calls made without MFA after this date will be blocked to protect against identity-based attacks [6]. All APIs are currently MFA-enabled and ready for testing to avoid service disruptions when the enforcement period starts [6].
Why is Microsoft phasing out NTLM authentication?
Windows is transitioning to a more secure authentication model by phasing out New Technology LAN Manager (NTLM) in favor of stronger, Kerberos-based alternatives [7]. NTLM is considered outdated and insecure because it can be exploited by attackers to bypass password complexity and compromise entire domains [15]. Analysts suggest this move significantly strengthens the security posture of enterprise environments [6].
Have the license limits for Microsoft 365 promotions changed?
Microsoft has increased the maximum license cap for eligible Cloud Solution Provider (CSP) promotions from 2,400 to 9,999 licenses [11]. This increase applies to Microsoft 365 E3, Microsoft 365 E5, and Microsoft 365 Copilot promotions [11]. However, Copilot Business promotions are not included in this update and remain capped at 300 licenses [11].
Summary / Key Takeaways
The February 2026 security landscape is defined by critical infrastructure updates and a heightened focus on identity protection. While specific patch counts for zero-days are often finalized during the rollout, active exploitation of vulnerabilities in platforms like SolarWinds Web Help Desk highlights the immediate need for administrative action [7][13].
- Mandatory Security Protocols: Starting February 9, 2026, Multifactor Authentication (MFA) is mandatory for all users accessing the Microsoft 365 admin center to prevent unauthorized access [8].
- Active Exploitation Defense: Administrators should prioritize patching CVE-2025-40551 and CVE-2025-40536, which have seen active exploitation involving credential theft and malicious
sspicli.dllside-loading [13]. - Infrastructure Transitions: NTLM is being phased out in favor of Kerberos-based alternatives to modernize network authentication security [6].
- Educational Guardrails: With 91% of users reporting concerns regarding AI-related harms, new resources like the AI Futures Youth Council and the CyberSafe series aim to provide safer environments for younger users [5][12].
If you’re unsure about the status of your current security updates, it’s usually cheaper to ask someone once than to fix a mistake later.
Quellen
[1] Monthly news - February 2026 | Microsoft Community Hub
[2] Microsoft Launches AI QuickStart Programme with Support from IMDA and UOB - S...
[3] Safer Internet Day 2026: Helping students be AI aware | Microsoft Education Blog
[4] Building a safer digital future, together
[5] Updates in two of our core priorities - The Official Microsoft Blog
[6] New in Microsoft Marketplace: February 5, 2026 | Microsoft Community Hub
[7] Analysis of active exploitation of SolarWinds Web Help Desk | Microsoft Secur...
[8] Refreshing the root of trust: industry collaboration on Secure Boot certifica...
[9] Windows news you can use: January 2026 - Windows IT Pro Bog
[10] .NET and .NET Framework February 2026 servicing releases updates - .NET Blog
[11] February 2026 announcements - Partner Center announcements
[12] January 2026 announcements - Partner Center announcements
[13] Windows' original Secure Boot certificates expire in June—here's wh...
[14] The Hacker News - Google News
[15] CybersecurityNews - Google News
[16] CybersecurityNews - Google News
[17] gbhackers.com - Google News
[18] BeyondTrust warns of critical RCE flaw in remote support software
[19] SolarWinds Web Help Desk Exploited for RCE in Multi-Stage Attacks on Exposed ...
[20] Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicio...
[21] ⚡ Weekly Recap: AI Skill Malware, 31Tbps DDoS, Notepad++ Hack, LLM Back...
[22] CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog
[23] Microsoft February 2026 Patch Tuesday fixes 6 zero-days, 58 flaws
[24] ZAST.AI Raises $6M Pre-A to Scale "Zero False Positive" AI-Powered ...
[25] Microsoft releases Windows 10 KB5075912 extended security update
[26] Windows 11 KB5077181 & KB5075941 cumulative updates released
[27] Microsoft is refreshing Secure Boot certificates to plug security holes befor...
[28] Windows 10/11 Patch-Day Februar: Das gro�e Sicherheitsupdate ist da
[29] Windows 11: Diese neuen Funktionen bringt der Februar-Patchday mit
[30] Microsoft kümmert sich um kritische Sicherheitslücke im Azure-Umfeld
[31] Microsoft promises a big February patch - but will it fix what's broken ...
[32] Someone
[33] Microsoft announces new mobile-style Windows security controls
[34] Windows update ties Spotify, smarter security into your PC
[35] BeyondTrust RCE flaw lets hackers run code without logging in
[36] Windows info-disclosure 0-day bug gets a fix and CISA alert
[37] PC gaming issues traced to Windows Update, according to NVIDIA
[38] Microsoft confirms Windows 10 shutdown bug
[39] Microsoft-Patchday: Updates entfernen aktiv genutzten Angriffsweg aus Windows
[40] Windows: Microsoft patches Patchday patches
[41] Azure power wobble knocks Windows Update offline
[42] Yet another Windows update is wreaking havoc on gaming rigs worldwide —...
[43] Critical Fortinet FortiClient EMS Vulnerability Allows Remote Code Execution
[44] BeyondTrust fixes easy-to-exploit pre-auth RCE vulnerability in remote access...
[45] Week in review: Notepad++ supply chain attack details and targets, Patch Tues...
[46] Microsoft Patch Tuesday February 2026 – 54 Vulnerabilities Fixed, Including 6...
[47] Cybersecurity Weekly Newsletter - Notepad++ hack, Office 0-Day, ESXi 0-day Ra...
[48] BeyondTrust Remote Access Products Hit by 0-Day RCE Vulnerability
[49] TeamPCP did a Massive Campaign Exploiting Docker, Kubernetes, and React2Shell
[50] CVE-2026-21643: Critical FortiClient EMS Vulnerability Enables Unauthenticate...
[51] CVE 2026 The Vulnerability Landscape: When Identity Breaks and Legacy Code Bi...
[52] Researchers delve inside new SolarWinds RCE attack chain | Computer Weekly
[53] CISA confirms exploitation of VMware ESXi flaw by ransomware attackers - Help...
[54] CVE-2023-29552: NetApp SMI-S Provider DoS Vulnerability
[55] 1,000+ Flaws Found, Including Critical IT & ICS Vulnerabilities
[56] February Patch Tuesday: Microsoft drops six zero-days | Computer Weekly
[57] Microsoft Patch Tuesday matches last year’s zero-day high with six actively e...
[58] Microsoft Releases February 2026 Patch Tuesday Updates
[59] Patch Tuesday Updates for Windows 11 and 10, February 10, 2026
[60] I tested Windows 11 February 2026 Updates: Everything new, improved, and fixed
[61] February 2026 Patch Tuesday forecast: Lots of OOB love this month - Help Net ...
[62] Fancy Bear Exploits Microsoft Zero-Day to Deploy Backdoors and Email Stealers
[63] Fancy Bear Hackers Exploiting Microsoft Zero-Day Vulnerability to Deploy Back...
[64] SAP Security Patch Day - Critical SAP CRM and SAP S/4HANA Code Injection Vuln...
[65] Cybersecurity firm Rapid7 books $860M in 2025 sales, 11,500+ clients
[66] Fallout from latest Ivanti zero-days spreads to nearly 100 victims
[67] Microsoft Patch Tuesday, February 2026 Security Update Review | Qualys
[68] CVE-2026-21509: APT28 Exploits Microsoft Office Zero-day Vulnerability
[69] February 2026 Microsoft Patch Tuesday | Tenable®
[70] Clawdbot: How to Mitigate Agentic AI Security Vulnerabilities
[71] LookOut: Discovering RCE and Internal Access on Looker (Google Cloud & On...
[72] FinancialContent - 8x8, Tenable, MongoDB, Unity, and Elastic Stocks Trade Up,...
[73] CVE-2026-1731 | Arctic Wolf
[74] CISA Silently Updates Vulnerabilities Exploited by Ransomware Groups
[75] Microsoft Patchday für Februar 2026 mit Sicherheitsupdates für Windows 11 und...
[76] KB5075912 Windows 10 22H2 [Manueller Download] Sicherheitspatch Februar 2026 ...
[77] Microsoft Office Zero-Day Actively Exploited - Emergency Patches Released
[78] CVE-2026-21509: Actively Exploited Microsoft Office Zero-Day Forces Emergency...
[79] Known Exploited Vulnerabilities Catalog | CISA
[80] Patch Tuesday Februar 2026: Frische Sicherheitsupdates für Windows 10 und 11
[81] Patch Tuesday February 2026: Security Updates & CVE Analysis
[82] Windows 11: Microsoft setzt auf Mopria und beendet Unterstützung für Legacy-D...
[83] When meeting room tech becomes an IT problem - Spiceworks
[84] CVE-2026-20805: Microsoft Fixes Actively Exploited Windows Desktop Manager Ze...
[85] Microsoft Office vulnerability (CVE-2026-21509) in active exploitation
[86] SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
[87] ISC Stormcast For Tuesday, February 3rd, 2026 https://isc.sans.edu/podcastdet...
[88] Microsoft Patch Tuesday – February 2026 - Lansweeper
[89] CISA Adds Five Known Exploited Vulnerabilities to Catalog | CISA
[90] TeamPCP Worm Targets Docker, Kubernetes, Ray, and Redis via React2Shell CVE-2...
[91] Windows-Lücke CVE-2026-20805: Kritisches Update gegen aktive Angriffe
[92] KB5077181 Windows 11 25H2 / 24H2 [Manueller Download] Sicherheitsupdate Febru...
[93] Windows 11: Nvidia bestätigt Probleme mit dem Januar 2026 Update KB5074109
[94] Nvidia is looking into gaming issues after Windows 11 KB5074109 January 2026 ...
[95] Windows 11 Update-Chaos - flüchten oder standhalten?
[96] Windows 11: Februar-Sicherheitsupdates sind da
[97] Microsoft veröffentlicht KB5077181 für Windows 11 Version 24H2 und 25H2 ̵...
[98] Windows 11: Microsoft startet 2026 mit massivem KI-Update - BornCity
[99] FinancialContent - Microsoft’s AI Valuation Crossroads: A Deep Dive int...
[100] Security Update Guide - Microsoft Security Response Center
[101] Emergency Microsoft update fixes in-the-wild Office zero-day
[102] How to Fix Windows Update Errors and Issues
[103] Zero Day Initiative — Blog
[104] Microsoft Monthly Security Update (January 2026)
[105] Microsoft Data Center Power Outage Disrupts Windows 11 Updates and Store Func...
[106] Actualizar Windows ya no es opcional: cuáles son los riesgos de seguir poster...
[107] NVD - Search and Statistics
[108] Microsoft prepares to refresh Secure Boot’s digital certificate
[109] Windows 10 gets build 19045.6937 in February 2026 with ESU security fixes
[110] Windows 11 KB5074109 breaks Nvidia gaming: fix | tbreak
[111] Windows Won't Shut Down After Update? Here's How to Fix It - Make T...
[112] KB5077800 - Details, Issues, & Feedback - NinjaOne
[113] NVIDIA blames the latest Windows 11 update for reducing gaming performance - ...
[114] XFN 1.1 profile
[115] XFN 1.1 profile
[116] fonts.googleapis.com
[117] The Hacker News
[118] fonts.googleapis.com
[119] BleepingComputer (@[email protected]) - Infosec Exchange
[120] Cyber Threat Intelligence ® | LinkedIn
[121] The Hacker News | LinkedIn
[122] Cyber Security News ® | LinkedIn
[123] Help Net Security | LinkedIn
[124] Known Exploited Vulnerabilities Catalog | CISA
[125] Tenable Blog
[126] Tenable Security Center dashboards
[127] Tenable Security Center templates
Relevant Services
More from the Blog
- Windows 11 Performance: Why Your Fast PC Feels Slow(Mar 1, 2026)
- Windows 11 Start Menu Redesign: Why Users Are Frustrated(Mar 1, 2026)
- Windows 11's New Start Menu Triggers 'Windows 8' Flashbacks(Mar 1, 2026)
- Microsoft Copilot Tasks: How AI Agents Now Automate Work(Mar 1, 2026)
- Trump Orders US Agencies to Halt All Anthropic AI Use(Feb 28, 2026)
- NVIDIA GeForce Driver 595.59: Critical Fan Bug and Rollback(Feb 28, 2026)
- View all blog posts
Brauchen Sie Hilfe?
Wir reparieren Ihren PC oder Laptop schnell und zuverlässig.
Jetzt Reparatur anfragen