February 2026 Patch Tuesday: Microsoft Fixes 6 Actively Exploited Zero-Day Vulnerabilities — What Dental Practices Need to Do Now

13 Feb February 2026 Patch Tuesday: Microsoft Fixes 6 Actively Exploited Zero-Day Vulnerabilities — What Dental Practices Need to Do Now

Microsoft’s February 2026 Patch Tuesday has arrived with urgent security updates addressing 58 vulnerabilities, including an alarming six actively exploited zero-day flaws and three publicly disclosed vulnerabilities. For dental practices running Windows-based workstations, practice management software, and digital imaging systems, this update demands immediate attention.

If your dental office hasn’t applied these patches yet, your systems are at risk right now. Here’s everything you need to know and exactly what steps to take.

What Was Patched in February 2026

This month’s update covers a broad range of vulnerability types across Microsoft’s ecosystem:

• 25 Elevation of Privilege vulnerabilities — allowing attackers to gain administrator-level access
• 12 Remote Code Execution vulnerabilities — enabling attackers to run malicious code on your machines
• 5 Security Feature Bypass vulnerabilities — letting threats slip past built-in Windows protections
• 6 Information Disclosure vulnerabilities — potentially exposing sensitive patient data
• 3 Denial of Service vulnerabilities — capable of taking systems offline
• 7 Spoofing vulnerabilities — used to trick users and systems

Five of these are rated Critical, including three elevation of privilege flaws and two information disclosure flaws that could directly impact healthcare environments where patient data protection is paramount.

The 6 Zero-Day Vulnerabilities Explained

Zero-day vulnerabilities are particularly dangerous because attackers are already using them before patches become available. Here are the six that Microsoft confirmed are being actively exploited:

CVE-2026-21510: Windows Shell Security Feature Bypass

This vulnerability allows attackers to bypass Windows SmartScreen and Shell security prompts by exploiting improper handling in Windows Shell components. When a user opens a malicious link or shortcut file, attacker-controlled content can execute without any user warning or consent. This likely bypasses the Mark of the Web (MoTW) security warnings that normally protect users from downloaded files. In a dental office, this could mean a single click on a phishing email attachment installs malware silently.

CVE-2026-21513: MSHTML Framework Security Feature Bypass

A protection mechanism failure in the MSHTML Framework allows unauthorized attackers to bypass security features over a network. The MSHTML engine is used by many applications beyond just Internet Explorer, making this flaw broadly dangerous for any Windows workstation.

CVE-2026-21391: Windows Storage Elevation of Privilege

This flaw lets attackers escalate from a standard user account to SYSTEM-level privileges. In a dental practice where staff members share workstations, a compromised standard account could give an attacker full control over the entire machine — including access to practice management databases and patient records.

CVE-2026-21418: Windows Ancillary Function Driver Elevation of Privilege

Another elevation of privilege vulnerability that attackers are actively exploiting in the wild, targeting the Windows Ancillary Function Driver for WinSock — a core networking component present on every Windows machine in your practice.

CVE-2026-21529: Windows Core Messaging Elevation of Privilege

This vulnerability in Windows Core Messaging allows attackers to gain elevated privileges through the internal messaging framework used by the operating system.

CVE-2026-21467: Microsoft Excel Remote Code Execution

A critical flaw in Microsoft Excel allows remote code execution when opening specially crafted spreadsheet files. Dental practices frequently share Excel files for scheduling, financial reports, and insurance tracking — making this an especially relevant threat vector.

Additional Critical Update: Secure Boot Certificates

Microsoft is also rolling out updated Secure Boot certificates to replace the original 2011 certificates expiring in late June 2026. This update ensures that your practice’s computers can continue to boot securely. The rollout is phased — devices will receive the new certificates automatically after demonstrating successful update signals.

Why This Matters for Dental Practices

Dental offices are increasingly targeted by cybercriminals because they hold valuable patient data (including Social Security numbers, insurance information, and health records) while often lacking enterprise-grade security teams. Consider these realities:

• HIPAA compliance requires timely patching. Failing to apply security updates constitutes a violation of the HIPAA Security Rule’s requirement to protect electronic Protected Health Information (ePHI).
• Ransomware gangs exploit unpatched systems. Healthcare was the most targeted sector for ransomware in 2025, with dental practices and small clinics representing 26% of attacks on secondary healthcare institutions.
• Dental software runs on Windows. Dentrix, Eaglesoft, Open Dental, and most imaging software run on Windows — meaning these vulnerabilities directly affect your clinical workflow.
• Cyber insurance increasingly requires patching SLAs. Many cyber insurance policies now require critical patches to be applied within 14-30 days, and failure to comply could void your coverage.

Action Steps for Your Dental Practice

Immediate (This Week)

1. Apply Windows Updates on all workstations and servers immediately. Go to Settings → Windows Update → Check for Updates. For managed environments, push the update through your patch management tool (WSUS, Intune, etc.).
2. Restart all machines after updating. Many patches don’t take effect until the system reboots. Schedule after-hours restarts if needed.
3. Update Microsoft Office / Microsoft 365. The Excel zero-day (CVE-2026-21467) requires Office updates as well. Open any Office app → File → Account → Update Options → Update Now.
4. Warn staff about phishing. With SmartScreen bypass exploits in the wild, remind your team: do not open unexpected email attachments or click unfamiliar links, even if they appear to come from known contacts.

This Month

1. Verify all systems are patched. Check Windows Update history on each workstation to confirm the February 2026 cumulative update was installed.
2. Review your backup strategy. Ensure you have current, tested backups of your practice management system, patient databases, and digital imaging archives.
3. Contact your IT provider. If you use a managed service provider (MSP), confirm they have deployed February’s patches across all your systems and ask for a compliance report.

Don’t Wait — Patch Today

Six actively exploited zero-days in a single Patch Tuesday is unusually high and signals that sophisticated attackers are already leveraging these flaws. Every day your dental practice runs unpatched systems is a day your patient data, your operational uptime, and your HIPAA compliance status are at risk.

Make patching a non-negotiable part of your practice’s IT routine. Your patients trust you with their health information — make sure your technology deserves that trust.