February “In the Trend of VM” (#24): vulnerabilities in Microsoft products

February "In the Trend of VM" 24: vulnerabilities in Microsoft products. A traditional monthly roundup of trending vulnerabilities. This time, compact and all-Microsoft. 🗞 Post on Habr rus 🗒 Digest on the PT website rus In total, two vulnerabilities: 🔻 RCE - Microsoft Office CVE-2026-21509 🔻...

CVE-2026-21519

Access of resource using incompatible type 'type confusion' in Desktop Window Manager allows an authorized attacker to elevate privileges locally...

Patch Tuesday, February 2026 Edition

Microsoft today released updates to fix more than 50 security holes in its Windows operating systems and other software, including patches for a whopping six "zero-day" vulnerabilities that attackers are already exploiting in the wild. Zero-day 1 this month is CVE-2026-21510, a security feature...

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data - Accessing sensitive data - Execution of arbitrary code user privileges -...

CVE-2026-21519

Access of resource using incompatible type 'type confusion' in Desktop Window Manager allows an authorized attacker to elevate privileges locally...

CVE-2026-21519

Access of resource using incompatible type 'type confusion' in Desktop Window Manager allows an authorized attacker to elevate privileges locally...

CVE-2026-21519

Access of resource using incompatible type 'type confusion' in Desktop Window Manager allows an authorized attacker to elevate privileges locally...

CVE-2026-21519 Desktop Window Manager Elevation of Privilege Vulnerability

...

CVE-2026-21519

CVE-2026-21519 is a local elevation-of-privilege flaw in Windows Desktop Window Manager caused by type confusion. An authenticated, low-privilege attacker can overwhelm DWM locally to gain SYSTEM rights, with no user interaction required. It has been identified as exploited in the wild by multipl...

CVE-2026-21519 Desktop Window Manager Elevation of Privilege Vulnerability

...

Desktop Window Manager Elevation of Privilege Vulnerability

Access of resource using incompatible type 'type confusion' in Desktop Window Manager allows an authorized attacker to elevate privileges locally...

KB5075999: Windows 10 Version 1607 / Windows Server 2016 Security Update (February 2026)

The remote Windows host is missing security update 5075999. It is, therefore, affected by multiple vulnerabilities - Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network. CVE-2026-21513 - Access of resource using incompatible...

KB5075941: Windows 11 version 23H2 Security Update (February 2026)

The remote Windows host is missing security update 5075941. It is, therefore, affected by multiple vulnerabilities - Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network. CVE-2026-21513 - Access of resource using incompatible...

Microsoft Windows Type Confusion Vulnerability

Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally...

Microsoft Desktop Windows Manager 安全漏洞

Microsoft Desktop Windows Manager is a desktop window manager developed by Microsoft Corporation. There are security vulnerabilities in Microsoft Desktop Windows Manager. Attackers can exploit these vulnerabilities to gain higher privileges. The following products and versions are affected: Windo...

PT-2026-7404

Name of the Vulnerable Software and Affected Versions Microsoft Windows affected versions not specified Description A type confusion issue in the Desktop Window Manager component allows an authorized attacker to elevate privileges locally. This issue is actively exploited and has been observed in...

KB5075906: Windows Server 2022 / Azure Stack HCI 22H2 Security Update (February 2026)

The remote Windows host is missing security update 5075906. It is, therefore, affected by multiple vulnerabilities - Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network. CVE-2026-21513 - Access of resource using incompatible...

KB5075912: Windows 10 version 21H2 / Windows 10 Version 22H2 Security Update (February 2026)

The remote Windows host is missing security update 5075912. It is, therefore, affected by multiple vulnerabilities - Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network. CVE-2026-21513 - Access of resource using incompatible...

VulnCheck KEV: CVE-2026-21519

Access of resource using incompatible type 'type confusion' in Desktop Window Manager allows an authorized attacker to elevate privileges locally...

KB5075904: Windows 10 version 1809 / Windows Server 2019 Security Update (February 2026)

The remote Windows host is missing security update 5075904. It is, therefore, affected by multiple vulnerabilities - Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network. CVE-2026-21513 - Access of resource using incompatible...