Security

Microsoft's Valentine: Patches 6 exploited zero-days

Krishn patel

11 Feb 2026 — 1 min read

PATCH NOW

• Six exploited zero-day vulnerabilities were fixed by Microsoft in the latest update cycle. • Administrators should prioritize patching internet-facing and high-risk systems immediately. • Check Microsoft's security advisories and the Security Update Guide for CVE details and mitigations. • If you cannot patch immediately, apply recommended mitigations and monitor for indicators of compromise.

What Microsoft released

Microsoft has issued security updates that address six zero-day vulnerabilities known to be exploited in the wild. The company bundled the fixes into its regular update mechanism and published advisory information for administrators to review.

Why this matters

Zero-day vulnerabilities are those that attackers can exploit before a vendor issues a patch, so when Microsoft confirms active exploitation, affected systems face immediate risk. Unpatched systems — especially internet-facing servers and endpoints with elevated privileges — are priority targets for follow-up attacks or lateral movement.

What admins should do now

1. Prioritize patch deployment: Apply the Microsoft updates as soon as testing allows, starting with internet-facing services, domain controllers, and systems that store sensitive data.

2. Review advisories: Consult Microsoft's security advisories and the Security Update Guide for the full list of affected products, CVE IDs, and any suggested workarounds.

3. Use staged rollouts: Test patches in a controlled environment before broad deployment to catch compatibility issues, then accelerate rollout for high-risk assets.

4. Apply mitigations if needed: If a patch cannot be installed immediately, implement vendor-recommended mitigations and network controls to reduce exposure.

Monitoring and incident response

Security teams should scan logs and telemetry for signs of exploitation and review endpoint detection alerts. If there are indicators of compromise, follow your incident response plan: isolate affected hosts, collect forensic data, and apply remediation steps.

Staying informed

Keep an eye on Microsoft's official channels — the Security Update Guide, Security Response Center blog, and product advisories — for updates, additional mitigations, and any post-patch guidance. Regular patch hygiene and layered defenses remain the best protection against active zero-day exploitation.

One UI 8.5 refreshes charging animation on S25

One UI 8.5 revamps S25 charging animation

* Samsung released One UI 8.5 Beta 4 to the Galaxy S25 series with a subtle refresh to the charging indicator animation. * The update introduces two major changes compared with One UI 8.0’s animation, improving the look and feel. * The visual tweak builds on the battery icon redesign

Apple delays new Siri after testing snags

Apple’s Siri upgrade hits testing snags

* Key Takeaways: * Apple’s long-planned upgrade to Siri has encountered testing problems in recent weeks, potentially delaying several promised features. * The issues appear tied to stability and reliability during internal testing, which could push Apple to postpone parts of the launch. * A phased rollout, additional beta cycles, or feature scaling

Microsoft patches 59 vulnerabilities, six zero-days fixed

* Microsoft released patches for 59 vulnerabilities, including six actively exploited zero-days. * CISA has mandated urgent remediation across federal agencies. * Organizations should prioritize immediate patching, monitoring, and incident response. * Expect continued alerts and follow-up guidance from Microsoft and security agencies. What Microsoft released Microsoft has pushed a set of security updates

Microsoft Notepad adds Markdown — RCE risk flagged

Notepad’s Markdown update raises RCE alarms

* Notepad now has built-in Markdown features, a change that many users view as a further shift away from its minimalist roots. * The update has drawn criticism as a “WordPad-ification” of Microsoft’s classic text editor. * Security researchers have flagged a remote code execution (RCE) issue linked to the new Markdown