Skip to content
July 6, 2026
  • AI & Copilot
  • Azure Cloud
  • How To Guides
  • Microsoft 365 Office
  • Windows
  • XBOX
  • Privacy Policy

Microsoft News Now

The Home of Microsoft News Today

Primary Menu
  • AI & Copilot
  • Azure Cloud
  • How To Guides
  • Microsoft 365 Office
  • Windows
  • XBOX
  • Privacy Policy
Light/Dark Button
Subscribe

Home - News - Microsoft February 2026 Security Updates for Office and Exchange Server Fix Actively Exploited Zero‑Day

  • News
  • Microsoft 365/Office

Microsoft February 2026 Security Updates for Office and Exchange Server Fix Actively Exploited Zero‑Day

Microsoft ships February 2026 security updates for Office and Exchange Server, including fixes for actively exploited vulnerabilities.
Dave W. Shanahan 5 months ago (Last updated: 5 months ago) 4 minutes read
Microsoft February 2026 Security Updates for Office and Exchange Server Fix Actively Exploited Zero‑Day

Alongside Windows and Azure patches, Microsoft has published its February 2026 security updates for Microsoft Office and on‑premises Exchange Server, addressing vulnerabilities ranging from information disclosure to remote code execution and privilege escalation. Some of these flaws are part of the same set of 50‑plus vulnerabilities fixed in this month’s Patch Tuesday, and at least one Office‑related zero‑day has been highlighted by security researchers as being actively exploited.

February 2026 Security Updates for Office

February 2026 Security Updates

The February 2026 Office patches cover supported versions of Microsoft Office on Windows, including perpetual licenses and Microsoft 365 Apps on the desktop. Security advisories indicate that several Office vulnerabilities are being fixed this month, addressing issues in components like Word and shared Office libraries.

One of the notable zero‑days called out in our security coverage is CVE‑2026‑21514, a vulnerability affecting Microsoft Office Word with a CVSS score around 7.8 that can be exploited via malicious documents. This bug is one of three security feature bypass issues Microsoft lists as publicly disclosed at the time of patching, alongside CVE‑2026‑21510 and CVE‑2026‑21513. Attackers who convince users to open crafted files can use such vulnerabilities to bypass Office’s built‑in protections and potentially execute follow‑on code.

Office security updates are typically delivered automatically via Microsoft Update for Microsoft 365 Apps and through separate update channels for volume‑licensed Office installations. Admins should verify that February’s Office security updates are deployed across their fleet, especially on systems used by executives, finance teams, and others who frequently handle external documents.

Exchange Server Security Updates for Subscription Edition and 2019

On the server side, Microsoft’s Exchange team has released new Security Updates (SUs) for Exchange Server Subscription Edition and Exchange Server 2019 as part of the February 2026 patch cycle. These SUs address vulnerabilities that were responsibly reported to Microsoft by security partners and discovered by its internal security teams, continuing the cadence of monthly Exchange fixes.

Microsoft’s Exchange blog explains that the February 2026 SUs are available for:

  • Exchange Server Subscription Edition

  • Exchange Server 2019 (supported cumulative update branches)​

The company strongly recommends that customers running any supported version install the latest SU as soon as possible, particularly for internet‑facing or hybrid deployments. Historically, many high‑profile breaches have involved unpatched Exchange servers exposed to the internet, and this month is no exception in terms of risk profile.​

Post‑installation steps and known issues

Microsoft Releases February 2026 Security Updates for Office and Exchange Server

As with previous Exchange releases, Microsoft stresses that admins should perform additional verification after installing the February 2026 SUs. Recommended steps include:

  • Running the latest Exchange Health Checker script to confirm the environment is in a supported and healthy state.

  • Verifying that the Exchange services have started correctly and that PowerShell remoting works as expected.​

  • Checking for any warnings in the Application and System event logs related to the update.​

Initial community feedback mentions that some Exchange Server 2019 environments have seen PowerShell connectivity issues after installing recent SUs, so testing in a staging environment before broad deployment remains a best practice.​

Why Office and Exchange patches matter this month

This month’s Office and Exchange updates sit within the broader context of February 2026 Patch Tuesday, which fixes six actively exploited zero‑day vulnerabilities across Microsoft’s ecosystem. Office and Exchange have historically been attractive targets for attackers because they handle email and documents—the most common entry points for phishing and malware.

By patching Office and Exchange alongside Windows, organizations can close off multiple layers of their attack surface: the client apps that open malicious files, the servers that process and route email, and the underlying OS components attackers try to exploit for privilege escalation. For anyone running internet‑facing Exchange Server or handling sensitive data in Office, the February 2026 security updates should be treated as a high‑priority maintenance task, not an optional extra.

Recent Posts You Might Like

  • Microsoft February 2026 Patch Tuesday Fixes 6 Zero‑Days and 50+ Windows Security Flaws
  • Windows 10 February 2026 ESU Update KB5075912 Preps PCs for New Secure Boot Certificates
  • Windows 11 February 2026 Update: KB5077181 and KB5075941 Fix Zero‑Days, Gaming Bugs, and Secure Boot Issues
  • What’s New in Microsoft Sentinel February 2026: Improved Connectors, Multi‑Tenant Content, and More
  • Microsoft Edge for Business Brings Safer, Scalable Browsing to K–12 Classrooms

About The Author

February 2026 Security Updates

Dave W. Shanahan

I’m Dave W. Shanahan, a Microsoft enthusiast with a passion for Windows, Xbox, Microsoft 365 Copilot, Azure, and more. I started MSFTNewsNow.com to keep the world updated on Microsoft news. Based in Massachusetts, you can email me at davewshanahan@gmail.com.

See author's posts

Like this:

LikeLoading…

Related


Discover more from Microsoft News Now

Subscribe to get the latest posts sent to your email.

Tags: AzureGamingMicrosoftMicrosoft 365Microsoft 365 AppsMicrosoft EdgeMicrosoft OfficePatch TuesdayPowerShellSecuritySurfaceWindowsWindows 10Windows 11

Post navigation

Previous: Windows 11 February 2026 Update: KB5077181 and KB5075941 Fix Zero‑Days, Gaming Bugs, and Secure Boot Issues
Next: What’s New in Microsoft Sentinel February 2026: Improved Connectors, Multi‑Tenant Content, and More

Related Stories

Next Week on XBOX: Ultimate Assassin’s Creed Black Flag Resynced, College Football 27, Palworld 1.0, and More for an Exciting Week July 6–10
  • News
  • XBOX and Gaming

Next Week on XBOX: Ultimate Assassin’s Creed Black Flag Resynced, College Football 27, Palworld 1.0, and More for an Exciting Week July 6–10

Dave W. Shanahan 2 days ago 0
XBOX Free Play Days: Call of Duty Black Ops 7, Diablo IV, Ikonei Island, and More Go Free This Week
  • News
  • XBOX and Gaming

XBOX Free Play Days: Call of Duty Black Ops 7, Diablo IV, Ikonei Island, and More Go Free This Week

Dave W. Shanahan 4 days ago 0
Microsoft Frontier Company: Microsoft's $2.5B Bet On Trusted Enterprise AI Transformation
  • News
  • Enterprise

Microsoft Frontier Company: Microsoft’s Big $2.5B Bet On Trusted Enterprise AI Transformation

Dave W. Shanahan 4 days ago 0

AccessibilityAmazonAndroidAuthenticationAzureCall of DutyCopilotCybersecurityDeveloperEnterpriseFree Play DaysGamingGenerative AIGitHubGoogleLinkedinMicrosoftMicrosoft 365Microsoft 365 CopilotMicrosoft CopilotMicrosoft EdgeMicrosoft StoreMicrosoft TeamsNext Week on XBOXOpenAIOutlookPatch TuesdayPrivacySecuritySettingsSharePointSurfaceTwitterWindowsWindows 10Windows 11Windows InsiderXBOXXBOX Game PassXBOX Game Pass UltimateXBOX OneXBOX Play AnywhereXBOX Series XXBOX Series X|SXBOX Wire

Useful Links

  • AI and Copilot (249)
  • Azure & Cloud (35)
  • Developers (3)
  • Enterprise (4)
  • How To Guides (99)
  • Microsoft 365/Office (97)
  • Microsoft Announcements (97)
  • News (1,272)
  • Security (78)
  • Surface (47)
  • Windows (168)
  • XBOX and Gaming (418)

You May Have Missed

Next Week on XBOX: Ultimate Assassin’s Creed Black Flag Resynced, College Football 27, Palworld 1.0, and More for an Exciting Week July 6–10
  • News
  • XBOX and Gaming

Next Week on XBOX: Ultimate Assassin’s Creed Black Flag Resynced, College Football 27, Palworld 1.0, and More for an Exciting Week July 6–10

Dave W. Shanahan 2 days ago 0
XBOX Free Play Days: Call of Duty Black Ops 7, Diablo IV, Ikonei Island, and More Go Free This Week
  • News
  • XBOX and Gaming

XBOX Free Play Days: Call of Duty Black Ops 7, Diablo IV, Ikonei Island, and More Go Free This Week

Dave W. Shanahan 4 days ago 0
Microsoft Frontier Company: Microsoft's $2.5B Bet On Trusted Enterprise AI Transformation
  • News
  • Enterprise

Microsoft Frontier Company: Microsoft’s Big $2.5B Bet On Trusted Enterprise AI Transformation

Dave W. Shanahan 4 days ago 0
Microsoft Teams Rolls Out Smarter Bot Protection To Keep Unwanted AI Out Of Your Meetings
  • News
  • Microsoft 365/Office

Smarter Microsoft Teams Bot Protection Rolls Out To Keep Unwanted AI Out Of Your Meetings

Dave W. Shanahan 5 days ago 0
  • AI & Copilot
  • Azure Cloud
  • How To Guides
  • Microsoft 365 Office
  • Windows
  • XBOX
  • Privacy Policy
Copyright © 2026 All rights reserved. ReviewNews by AF themes.

    %d