'Critical' Windows security update released by Microsoft to fix 59 flaws — update your devices NOW
Fraudsters are aware of these security concerns and are already trying to hack into your devices
- Microsoft just released fixes for 59 security concerns
- Out of the 59, six are confirmed to be "critical"
- Fraudsters are actively exploiting these flaws
- The updates were released as part of the latest Patch Tuesday
- Without these updates, you're at risk of having your personal data stolen
Microsoft has just issued a major security alert for all Windows 11 users, urging you to update your systems immediately. The tech giant released patches for 59 security concerns across its Windows 11 desktop software. Of the 59 total flaws, six are actively being exploited by attackers – so it's a race against time to patch the loopholes.
If you don't update your systems immediately, you could be leaving the back door open for a fraudster to install malware on your device. This could result in your personal data being stolen, such as your personal files, account logins, financial information, and more.
Security experts say the true danger of these recent flaws is being underplayed. Chris Goettl, vice president of security product management at Ivanti, told Forbes, “A risk-based prioritisation methodology warrants treating this vulnerability as higher severity than the vendor rating or CVSS score assigned.”
Here's how to update your devices, and how these six critical flaws could impact your devices.

How to update your device with Windows security patches
- Click Start
- Open Settings
- Go to Windows Update
- Click Check for updates
- If updates are available: Click Download & install
- Restart your computer when prompted
To ensure your device can receive these critical updates, you must have Windows 11 installed, which is the latest software system from Microsoft.
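To confirm the steps above took effect, the following PowerShell check compares the newest installed update against the most recent Patch Tuesday (the second Tuesday of the month). It is an added example, not from Microsoft or the original article; `Get-PatchTuesday` is a hypothetical helper name, and the script assumes it is run in Windows PowerShell on the PC being checked.

```powershell
# Added example: has this PC installed any update since the latest Patch Tuesday?
# Get-PatchTuesday is a hypothetical helper, not a built-in cmdlet.
function Get-PatchTuesday {
    param([int]$Year, [int]$Month)
    # Patch Tuesday is the second Tuesday of the month.
    $first  = [datetime]::new($Year, $Month, 1)
    $offset = (([int][DayOfWeek]::Tuesday - [int]$first.DayOfWeek) + 7) % 7
    return $first.AddDays($offset + 7)
}

# Most recent Patch Tuesday on or before today.
$today    = (Get-Date).Date
$patchDay = Get-PatchTuesday -Year $today.Year -Month $today.Month
if ($today -lt $patchDay) {
    $prev     = $today.AddMonths(-1)
    $patchDay = Get-PatchTuesday -Year $prev.Year -Month $prev.Month
}

# Newest installed update that records an install date (some entries leave it blank).
$latest = Get-HotFix |
    Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 1

if (-not $latest) {
    Write-Output "No dated updates found. Check Settings > Windows Update."
} elseif ($latest.InstalledOn.Date -ge $patchDay) {
    Write-Output ("{0} was installed on {1:yyyy-MM-dd}, on or after Patch Tuesday ({2:yyyy-MM-dd})." -f `
        $latest.HotFixID, $latest.InstalledOn, $patchDay)
} else {
    Write-Output ("Newest update {0} dates from {1:yyyy-MM-dd}, before Patch Tuesday ({2:yyyy-MM-dd}). Run Windows Update." -f `
        $latest.HotFixID, $latest.InstalledOn, $patchDay)
}
```

`Get-HotFix` does not list every type of update, so treat an "on or after" result as a quick indication and use Settings > Windows Update > Update history for the full record.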

Microsoft ended support for Windows 10 in October of last year. This means free software updates to address security vulnerabilities, bugs, and critical issues for the older operating system are no longer available.
This has pushed many users to either upgrade to the new operating system or replace their PCs with devices that support it, so they can prevent hackers from taking advantage of these six major security concerns.
Out of the six noted by the tech firm, three of these security concerns are particularly critical because they let attackers bypass your Windows security protections entirely.
The first one, dubbed CVE-2026-21510, targets something called the Windows Shell – this is a major part of the Windows software that you interact with every day without even thinking about it.
"Most people will use the Windows Shell without ever learning its name or even really contemplating its existence," Adam Barnett, lead software engineer at Rapid7, confirmed to Forbes. This flaw lets hackers skip past those "are you sure?" prompts that normally protect you.
The second vulnerability, called CVE-2026-21513, affects the MSHTML Framework, which Windows uses to display web content. A specially crafted file can silently dodge security warnings and trigger dangerous actions, such as malware installations with just one click.
The third, CVE-2026-21514, hits Microsoft Word directly. "A malicious document can quietly bypass Word's built-in defences and open the door to full system compromise," Alex Vovk, CEO of Action1, warned.
The other three flaws are just as worrying, though they work a bit differently.
CVE-2026-21519 and CVE-2026-21533 are privilege escalation flaws affecting the Desktop Window Manager and Remote Desktop Services. This means if an attacker has already got onto your computer, these bugs let them upgrade their access to full system control.
"Once on the host, the attacker can use these escalation vulnerabilities to elevate themselves to SYSTEM," Kev Breen, senior director of cyber threat research at Immersive, explained to Forbes. "With this level of privileges, the threat actor could disable security tooling, deploy additional malware, and in worst-case scenarios, gain access to secrets or credentials that could lead to a full domain compromise."
The final security concern, CVE-2026-21525, can crash your Remote Access Connection Manager. Mike Walters, co-founder of Action1, warned that "a simple local trigger can knock critical Windows networking services offline without warning."

It's worth noting that on top of the rolling updates Microsoft issues when these security concerns arise, the tech firm always releases new updates on the second Tuesday of every month, dubbed Patch Tuesday. The next scheduled update falls on March 10, 2026, so you'll want to mark this date in your diary.