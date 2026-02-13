ETV Bharat / technology

Microsoft Releases Critical Security Updates For Zero-Day Vulnerabilities In Windows And Office: How To Install

Hyderabad: Microsoft has rolled out a major security update to fix several security vulnerabilities in Windows and Office. The company says that these bugs, known as zero day vulnerabilites, were being actively exploited by hackers, who could easily break into people's computers.

Microsoft mentions that these vulnerabilities are one-click attacks, meaning hackers can compromise a computer with minimal user interaction. They could simply integrate malware into a link and gain access to a victim’s computer with a single click on the malicious link or a harmful Office file.

Details on how to exploit these zero-day bugs are available online, says the company, increasing the risks of further such attacks. The company did not say where these details appeared.

What is Zero-Day?

A zero-day vulnerability is an undisclosed software bug that a tech company or its developers are unaware of. This means that the company does not have time or “zero days” to fix the bug before it is further exploited by hackers. In other words, vulnerabilities that are new and hidden from the company, and they do not have a single day to fix them, as the bug is being exploited by hackers. Vulnerabilities under zero day are high-risk security threats to users.

CVE-2026-21510: The Most Dangerous Bug

CVE-2026-21510 is the most dangerous bug tracked by Microsoft. It was found in the Windows Shell, which controls the system's user interface. This flaw affects all supported versions of Windows. If a user clicks on a suspicious link, the bug bypasses Microsoft's SmartScreen security, which normally blocks dangerous files and websites. Security experts say this vulnerability could allow remote hackers to silently install malware on a system.

It is worth noting that Google's Threat Intelligence Group also helped identify this bug. According to Google, this vulnerability was being exploited on a large scale, increasing the risk of attacks like ransomware or espionage.

Another bug, CVE-2026-21513, was found in Microsoft's old browser engine, MSHTML. Although Internet Explorer is now discontinued, the engine is still present in Windows so that old apps can continue to work. This flaw also allowed attackers to bypass security features and spread malware.

According to Brian Krebs, a renowned investigative journalist, Microsoft has also fixed three more zero-day vulnerabilities in its software that were being actively exploited by hackers.

What should users do?