Article

Alert: Microsoft Security Updates - February 2026

Microsoft has released security updates addressing 58 vulnerabilities in its products, including six actively exploited zero-days (CVE-2026-21510, CVE-2026-21513, CVE-2026-21514, CVE-2026-21519, CVE-2026-21525, CVE-2026-21533) and five critical flaws affecting elevation of privilege and information disclosure.

These updates apply to, but are not limited to:

Windows OS: 11.
Microsoft Edge
Exchange Server Subscription Edition (SE).
Microsoft Office 2021, 2024

Security Risks

Successful exploitation of these vulnerabilities could allow attackers to bypass security protections, escalate privileges, execute malicious code, deny service, or access sensitive information on affected systems. For the full list of security patches released by Microsoft, please refer to the Microsoft Security Update Guide and apply the necessary updates.

Recommended Actions

The National Cyber Security Authority (NCSA) recommends users and administrators:

1. Apply the latest security patches as soon as possible to prevent unauthorized control over unpatched systems.

2. Upgrade immediately to the latest supported version of installed Microsoft software to continue receiving technical support and security patches.

The following Microsoft software products reached their end-of-life and need to be upgraded soon:

Windows Server 2003, 2003 RE, 2008, 2008 RE, 2008 SP2, 2012, and 2012 R2
Exchange Server 2003, 2007, 2010, 2013, 2016, 2019, and Windows Vista, XP, 8, and 7, 10.
Microsoft SQL Server 2005, 2008, 2012, 2014, and MS Office 2013, 2016 and 2019.

Additionally, scheduled for end-of-life in 2026; Upgrade recommended before end of support:

Microsoft SQL Server 2016: July 14, 2026 and Microsoft Office 2021: October 13, 2026

For more information, including other products reaching end-of-support in 2026, see Microsoft’s official documentation.

3. Before any updating task, ensure you have a current, tested backup of your data.

For further information and support, please contact the National Cyber Security Authority (NCSA) by emailing rwcsirt@ncsa.gov.rw or calling us on 9009.

References

12 February 2026

More updates

12 February 2026

Alert: Adobe Security Updates – February 2026

Adobe has released security updates to address multiple vulnerabilities in its software.

12 February 2026

Alert: Apple Security Updates – February 2026

Apple has released urgent security updates to address a vulnerability affecting multiple products.

05 February 2026

Security Alert: Exposed MongoDB Databases Targeted by Ransom Campaigns

Security experts have identified that MongoDB databases, that are publicly accessible without authentication, are being targeted in a ransom campaign.…

05 February 2026

Security Alert: Notepad++ Update Mechanism Exploited to Distribute Malware

A recent security incident involving the Notepad++ update infrastructure allowed attackers to intercept and redirect update traffic, delivering…

These updates apply to, but are not limited to:

Windows OS: 11.

Microsoft Edge

Exchange Server Subscription Edition (SE).

Microsoft Office 2021, 2024

Security Risks

Recommended Actions

The National Cyber Security Authority (NCSA) recommends users and administrators:

1. Apply the latest security patches as soon as possible to prevent unauthorized control over unpatched systems.

2. Upgrade immediately to the latest supported version of installed Microsoft software to continue receiving technical support and security patches.

The following Microsoft software products reached their end-of-life and need to be upgraded soon:

Windows Server 2003, 2003 RE, 2008, 2008 RE, 2008 SP2, 2012, and 2012 R2

Exchange Server 2003, 2007, 2010, 2013, 2016, 2019, and Windows Vista, XP, 8, and 7, 10.

Microsoft SQL Server 2005, 2008, 2012, 2014, and MS Office 2013, 2016 and 2019.

Additionally, scheduled for end-of-life in 2026; Upgrade recommended before end of support:

Microsoft SQL Server 2016: July 14, 2026 and Microsoft Office 2021: October 13, 2026

For more information, including other products reaching end-of-support in 2026, see Microsoft’s official documentation.

3. Before any updating task, ensure you have a current, tested backup of your data.

For further information and support, please contact the National Cyber Security Authority (NCSA) by emailing rwcsirt@ncsa.gov.rw or calling us on 9009.

References

Microsoft February 2026 Security Release Notes

Microsoft February 2026 Patch Tuesday fixes 6 zero-days, 58 flaws

Released: February 2026 Exchange Server Security Updates

Microsoft Ending Support in 2026

	info@ncsa.gov.rw
	9009 / 0781813310
	‎+250 791 445 224