Fortra's February 2026 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Google.
Up first on the list are patches for Microsoft Edge (Chromium-based) that resolve heap buffer overflow and type confusion vulnerabilities.
Next on the list are patches for Microsoft Outlook, Word, and Excel. These patches resolve 6 issues including elevation of privilege, security feature bypass, and information disclosure vulnerabilities.
Up next are patches that affect components of the core Windows operating system. These patches resolve over 30 vulnerabilities, including elevation of privilege, information disclosure, denial of service, and remote code execution vulnerabilities. These vulnerabilities affect Kernel, GDI, Windows Storage, Graphics Component, Shell, WSL, and various others.
Lastly, administrators should focus on server-side patches for LDAP, Hyper-V, Remote Desktop, Exchange, and Azure DevOps Server. These patches resolve 9 issues including remote code execution, elevation of privilege, and denial of service vulnerabilities.
| BULLETIN | CVE |
|---|---|
| Microsoft Edge (Chromium-based) | CVE-2026-1861, CVE-2026-1862 |
| Microsoft Office Outlook | CVE-2026-21511, CVE-2026-21260 |
| Microsoft Office Word | CVE-2026-21514 |
| Microsoft Office Excel | CVE-2026-21259, CVE-2026-21261, CVE-2026-21258 |
| Windows | CVE-2026-21508, CVE-2026-20846, CVE-2026-20841, CVE-2026-21236, CVE-2026-21238, CVE-2026-21241, CVE-2026-21253, CVE-2026-21235, CVE-2026-21246, CVE-2026-21231, CVE-2026-21245, CVE-2026-21239, CVE-2026-21222, CVE-2026-21510, CVE-2026-21513, CVE-2026-21249, CVE-2026-21237, CVE-2026-21242, CVE-2026-21229, CVE-2026-21519, CVE-2026-21523, CVE-2026-21257, CVE-2026-21256, CVE-2026-21234, CVE-2026-21232, CVE-2026-21250, CVE-2026-21240 |
| Azure DevOps Server | CVE-2026-21512 |
| Microsoft Exchange Server | CVE-2026-21527 |
| Windows LDAP - Lightweight Directory Access Protocol | CVE-2026-21243 |
| Windows Hyper-V | CVE-2026-21244, CVE-2026-21248, CVE-2026-21247, CVE-2026-21255 |
| Windows Remote Desktop | CVE-2026-21533 |
Cybercrime Intelligence Shouldn't Be Siloed
Fortra® experts are dedicated to protecting organizations and the public by delivering the latest insights, data, and defenses to strengthen security against emerging cyber threats.
