Zero-Day Bugs Under Attack; Microsoft Issues Alert to Windows and Office Users

Analytics Insight 1 month ago

Microsoft has issued a security advisory warning that hackers are actively abusing critical zero-day vulnerabilities in Windows and Office products.

These exploits are one-click attacks, allowing hackers to gain access to victims' computers with minimal user interaction. The company has urged all users to install the updates immediately.

What are Zero-day Vulnerabilities?

Microsoft releases important security updates on the second Tuesday of every month, known as "Patch Tuesday." This month's updates fixed 59 Microsoft CVEs, including six zero-days.

A zero-day vulnerability is a security flaw in computer software, hardware, or firmware that is still unknown to the vendor when attackers begin to take advantage of it. Because the vendor has had "zero days" to fix the flaw, malicious actors can already use it to access systems.

Who is at Risk: Users and Enterprises

According to security expert Dustin Childs, this bug can be abused to remotely plant malware on victims' computers.

"There is user interaction here, as the client needs to click a link or a shortcut file," Childs wrote in his blog post. "Still, a one-click bug to gain code execution is a rarity."

A Google spokesperson confirmed that the Windows shell bug was under "widespread, active exploitation," and that successful hacks silently execute malware with high privileges, "posing a high risk of subsequent system compromise, deployment of ransomware, or intelligence collection."

Another Windows bug, tracked as CVE-2026-21513, was found in Microsoft's proprietary browser engine, MSHTML. The browser engine powers Microsoft's legacy and long-discontinued Internet Explorer browser. The browser is included in newer versions of Windows to ensure backward compatibility with older apps.

Another bug, CVE-2026-21510, found in the Windows shell that powers the operating system's user interface, "affects all supported versions of Windows." When a victim clicks a malicious link on their computer, the bug allows hackers to bypass Microsoft's SmartScreen feature, which typically screens links and files for malware.

How to Protect Yourself

Follow these steps to update your device:

Open Settings, then go to Windows Update and check for updates.

Windows will search for the latest Patch Tuesday updates. Once complete, you will see a button for Install or Restart.
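For administrators who want to confirm from a console that the steps above took effect, the following PowerShell sketch (an added example, not part of the original article) works out the most recent Patch Tuesday and reports whether any Windows update has been installed since then. The function names `Get-PatchTuesday` and `Get-LatestPatchTuesday` are hypothetical helpers introduced here; `Get-HotFix` is the built-in cmdlet.

```powershell
# Added example: check whether this machine installed any Windows update
# on or after the most recent Patch Tuesday (second Tuesday of the month).

function Get-PatchTuesday {
    # Hypothetical helper: second Tuesday of the month containing $Reference.
    param([datetime]$Reference = (Get-Date))
    $first  = [datetime]::new($Reference.Year, $Reference.Month, 1)
    # Days from the 1st to the first Tuesday (0..6), then one more week.
    $offset = (([int][DayOfWeek]::Tuesday - [int]$first.DayOfWeek) + 7) % 7
    return $first.AddDays($offset + 7)
}

function Get-LatestPatchTuesday {
    # Hypothetical helper: the latest Patch Tuesday that has already occurred.
    param([datetime]$Today = (Get-Date))
    $pt = Get-PatchTuesday -Reference $Today
    if ($Today.Date -lt $pt) {
        # This month's release has not happened yet; fall back to last month.
        $pt = Get-PatchTuesday -Reference $Today.AddMonths(-1)
    }
    return $pt
}

$cycle = Get-LatestPatchTuesday

# Some entries carry no install date; skip them so the comparison is reliable.
$hotfixes = Get-HotFix |
    Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending

$current = $hotfixes | Where-Object { $_.InstalledOn -ge $cycle }

if ($current) {
    "Updates installed since Patch Tuesday ($($cycle.ToString('yyyy-MM-dd'))):"
    $current | Select-Object HotFixID, Description, InstalledOn |
        Format-Table -AutoSize
} else {
    $last = $hotfixes | Select-Object -First 1
    Write-Warning ("No update installed since {0:yyyy-MM-dd}. Most recent: {1} on {2:yyyy-MM-dd}" -f `
        $cycle, $last.HotFixID, $last.InstalledOn)
}
```

A recent install date shows that the machine is receiving Windows updates; it does not prove that the fix for a particular CVE is present, and `Get-HotFix` does not list Office updates, so those still need to be checked in Office itself.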

The Future of Software Security: Bigger Picture

The latest zero-day exploitation highlights a growing cybersecurity threat. Rapid patch cycles and proactive threat intelligence are becoming increasingly critical for Microsoft and other tech giants. The incident emphasizes the need for continuous updates, layered defenses, and stronger global coordination against evolving digital threats.

Disclaimer: This content has not been generated, created or edited by Dailyhunt. Publisher: Analytics Insight