Hosted by Chris Goettl and Todd Schell
Patch Tuesday Webinar
Wednesday, February 11, 2026
Copyright © 2026 Ivanti. All rights reserved. 2
Agenda
▪ February 2026 Patch Tuesday Overview
▪ In the News
▪ Bulletins and Releases
▪ Between Patch Tuesdays
▪ Q & A
February Patch Tuesday 2026
February Patch Tuesday includes recent out-of-band updates from Microsoft between January 17th and 29th, including multiple bug fixes and a fix for a zero-day exploit in Microsoft Office. In addition, Microsoft announced the phased disablement of NTLM in the week prior to the February 2026 Patch Tuesday release.
For the February Patch Tuesday release, Microsoft has resolved 57 unique CVEs. Six CVEs are flagged as Exploited and three of those are Publicly Disclosed as well. Add the OOB zero-day and you have a lineup of CVEs that need some attention.
For more details check out this month's Patch Tuesday blog.
In the News
▪ Diverse Threat Actors Exploiting Critical WinRAR Vulnerability CVE-2025-8088
▪ Notepad++ Hijacked by State-Sponsored Hackers
▪ Chinese Hackers Hijack Notepad++ Updates for 6 Months
▪ Patch Tuesday, February 2026 Edition
▪ NTLM Phase Out
▪ Advancing Windows security: Disabling NTLM by default
▪ Overview of NTLM auditing enhancements in Windows 11, version 24H2 and Windows Server
2025
▪ Active Directory Hardening Series - Part 8 – Disabling NTLM
Known Exploited and Publicly Disclosed Vulnerabilities
▪ CVE-2026-21509 Microsoft Office Security Feature Bypass Vulnerability (Out-of-band)
▪ CVSS 3.1 Scores: 7.8/7.2
▪ Severity: Important
▪ Impact: Security Feature Bypass
▪ Affected Systems: All currently supported versions of Office including the LTSC 2021 and 2024
▪ Per Microsoft: An attacker must send a user a malicious Office file and convince them to open it. This update addresses a vulnerability that bypasses OLE mitigations in Microsoft 365 and Microsoft Office which protect users from vulnerable COM/OLE controls. The Preview Pane is not an attack vector.
Known Exploited and Publicly Disclosed Vulnerabilities (cont)
▪ CVE-2026-21510 Windows Shell Security Feature Bypass Vulnerability
▪ CVSS 3.1 Scores: 8.8/8.2
▪ Severity: Important
▪ Impact: Security Feature Bypass
▪ Affected Systems: All currently supported Windows operating systems
▪ Per Microsoft: To successfully exploit this vulnerability, an attacker must convince a user to open a malicious link or shortcut file. Once accomplished, an attacker could bypass Windows SmartScreen and Windows Shell security prompts by exploiting improper handling in Windows Shell components, allowing attacker-controlled content to execute without user warning or consent.
Known Exploited and Publicly Disclosed Vulnerabilities (cont)
▪ CVE-2026-21513 MSHTML Framework Security Feature Bypass Vulnerability
▪ CVSS 3.1 Scores: 8.8/7.7
▪ Severity: Important
▪ Impact: Security Feature Bypass
▪ Affected Systems: All currently supported Windows operating systems
▪ Per Microsoft: An attacker could exploit this vulnerability by convincing a user to open a malicious HTML file or shortcut (.lnk) file delivered through a link, email attachment, or download. The specially crafted file manipulates browser and Windows Shell handling, causing the content to be executed by the operating system. This allows the attacker to bypass security features and potentially achieve code execution.
Known Exploited and Publicly Disclosed Vulnerabilities (cont)
▪ CVE-2026-21514 Microsoft Word Security Feature Bypass Vulnerability
▪ CVSS 3.1 Scores: 7.8/7.2
▪ Severity: Important
▪ Impact: Security Feature Bypass
▪ Affected Systems: All currently supported versions of Office including the LTSC 2021 and 2024 versions for Mac.
▪ Per Microsoft: An attacker must send a user a malicious Office file and convince them to open it. The malicious code can exploit a vulnerability that bypasses OLE mitigations in Microsoft 365 and Microsoft Office which protect users from vulnerable COM/OLE controls.
Known Exploited Vulnerabilities
▪ CVE-2026-21519 Desktop Window Manager Elevation of Privilege Vulnerability
▪ CVSS 3.1 Scores: 7.8/6.8
▪ Severity: Important
▪ Impact: Elevation of Privilege
▪ Affected Systems: All currently supported Windows operating systems
▪ Per Microsoft: An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Known Exploited Vulnerabilities (cont)
▪ CVE-2026-21525 Windows Remote Access Connection Manager Denial of Service Vulnerability
▪ CVSS 3.1 Scores: 6.2/5.4
▪ Severity: Important
▪ Impact: Denial of Service
▪ Affected Systems: All currently supported Windows operating systems
▪ Per Microsoft: Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally.
Known Exploited Vulnerabilities (cont)
▪ CVE-2026-21533 Windows Remote Desktop Services Elevation of Privilege Vulnerability
▪ CVSS 3.1 Scores: 7.8/7.2
▪ Severity: Important
▪ Impact: Elevation of Privilege
▪ Affected Systems: All currently supported Windows operating systems
▪ Per Microsoft: Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
New and Notable Linux Vulnerabilities: 1
CVE-2026-23105
CVSS 3: 7.0
Impact: Various Linux distributions and associated kernel versions.
▪ The core issue is an inconsistency in the codebase where the function relied on checking the child qdisc's queue length rather than utilizing the proper cl_is_active helper function designed for this purpose.
▪ This inconsistency creates a potential attack surface where an adversary could manipulate child queue length values to influence class activation decisions.
▪ The QFQ scheduler is used for network traffic control and quality of service enforcement, making this a network-accessible component on affected systems.
Mitigation
Update the Linux kernel to the latest patched version containing the fix for QFQ network scheduling. If a kernel update is not immediately possible, consider disabling QFQ scheduler (if not required).
Highlighted by TuxCare
New and Notable Linux Vulnerabilities: 2
CVE-2026-23092
CVSS 3: 7.8
Impact: Various Linux distributions and associated kernel versions.
▪ An out-of-bounds write vulnerability was discovered in the Linux kernel's IIO (Industrial I/O) subsystem, specifically within the ad3552r-hs DAC (Digital-to-Analog Converter) driver.
▪ When simple_write_to_buffer() succeeds, it returns the number of bytes actually copied to the buffer. However, the vulnerable code incorrectly uses the count parameter as the index for null termination instead of the actual bytes copied.
▪ Local attackers with access to the device node can trigger stack buffer overflow by writing more than 64 bytes, potentially leading to kernel memory corruption, denial of service, or privilege escalation.
Mitigation
Apply the official kernel patches immediately on affected systems. Restrict access to IIO device nodes to trusted users only and enable KASAN on development and staging systems to detect exploitation attempts.
Highlighted by TuxCare
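The terminator-index mistake described for CVE-2026-23092, shown as an added userspace illustration (not the kernel driver's code and not part of the webinar). `model_simple_write_to_buffer` is a stand-in for the kernel helper's return-value behaviour; the handler names, the guard arena and the `BUF_LEN - 1` limit are assumptions for the demonstration, and only the 64-byte buffer size comes from the slide.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN   64    /* buffer size named on the slide */
#define GUARD_LEN 64    /* constructed guard bytes standing in for adjacent stack memory */
#define CANARY    0xAA

/* Userspace model (assumption) of simple_write_to_buffer(): copies at most
 * (available - *ppos) bytes and returns the number actually copied, which
 * can be smaller than the count the caller asked for. */
static long model_simple_write_to_buffer(void *to, size_t available, long *ppos,
                                         const void *from, size_t count)
{
    long pos = *ppos;

    if (pos < 0)
        return -1;                        /* the kernel helper returns -EINVAL */
    if ((size_t)pos >= available || count == 0)
        return 0;
    if (count > available - (size_t)pos)
        count = available - (size_t)pos;  /* silent truncation to the space left */
    memcpy((unsigned char *)to + pos, from, count);
    *ppos = pos + (long)count;
    return (long)count;
}

/* arena[0 .. BUF_LEN-1] plays the driver's buffer, the rest is guard. */
static void arena_init(unsigned char *arena)
{
    memset(arena, 0, BUF_LEN);
    memset(arena + BUF_LEN, CANARY, GUARD_LEN);
}

static int guard_intact(const unsigned char *arena)
{
    for (size_t i = BUF_LEN; i < BUF_LEN + GUARD_LEN; i++)
        if (arena[i] != CANARY)
            return 0;
    return 1;
}

/* Flawed pattern: the terminator index is the caller-supplied count.
 * Returns the index used for the terminator, or a negative error. */
static long write_handler_flawed(unsigned char *arena, const char *src, size_t count)
{
    long pos = 0;
    long ret = model_simple_write_to_buffer(arena, BUF_LEN - 1, &pos, src, count);

    if (ret < 0)
        return ret;
    if (count < BUF_LEN + GUARD_LEN)      /* keep the demo write inside the arena */
        arena[count] = '\0';              /* BUG: count may be larger than ret */
    return (long)count;
}

/* Corrected pattern: the terminator index is the number of bytes copied. */
static long write_handler_fixed(unsigned char *arena, const char *src, size_t count)
{
    long pos = 0;
    long ret = model_simple_write_to_buffer(arena, BUF_LEN - 1, &pos, src, count);

    if (ret < 0)
        return ret;
    arena[ret] = '\0';                    /* ret <= BUF_LEN - 1 by construction */
    return ret;
}

int main(void)
{
    unsigned char arena[BUF_LEN + GUARD_LEN];
    char input[100];                      /* constructed 100-byte input */
    long idx;

    memset(input, 'A', sizeof(input));

    arena_init(arena);
    idx = write_handler_flawed(arena, input, 80);
    printf("flawed: terminator index %ld, guard intact: %d\n", idx, guard_intact(arena));

    arena_init(arena);
    idx = write_handler_fixed(arena, input, 80);
    printf("fixed:  terminator index %ld, guard intact: %d\n", idx, guard_intact(arena));
    return 0;
}
```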
New and Notable Linux Vulnerabilities: 3
CVE-2026-23017
CVSS 3: 7.0
Impact: Various Linux distributions and associated kernel versions.
▪ Null pointer dereference vulnerability in the Linux kernel's IDPF (Infrastructure Data Path Function) network driver.
▪ Error found in the handling logic of the init_task function during driver load operations.
▪ When the initialization task fails, the driver incorrectly leaves the system without properly initialized vports and netdevs, yet subsequent reset operations attempt to access these uninitialized resources, resulting in a kernel crash.
▪ Successful exploitation can cause a kernel panic and system crash when the service task attempts to access uninitialized resources during a hardware reset operation following a failed driver initialization.
Mitigation
Update to latest kernel version.
Highlighted by TuxCare
Ivanti Security Updates
At the time of disclosure of the Ivanti EPMM vulnerabilities, Ivanti was aware of a very limited number of customers whose solution had been exploited. Ivanti urges all customers using the on-prem EPMM product to promptly install the security update.
Ivanti Endpoint Manager (EPM)
Security Advisory: Ivanti Endpoint Manager
Vulnerabilities:
• CVE-2026-1602 CVSS: 6.5
• CVE-2026-1603 CVSS: 8.6
Affected Versions:
• 2024 SU4 SR1 and prior
Ivanti Endpoint Manager (EPM)
Security Advisory: Ivanti Endpoint Manager
Vulnerabilities:
• 13 Reported CVSS: 8.8 – 6.5
Affected Versions:
• 2024 SU3 SR1 and prior
• 2022 SU8 SR2 and prior
Ivanti Endpoint Manager Mobile (EPMM)
Security Advisory: Ivanti Endpoint Manager Mobile
Vulnerabilities:
• CVE-2026-1281 CVSS: 9.8
• CVE-2026-1340 CVSS: 9.8
Affected Versions:
• 12.5.0.0 and prior
• 12.6.0.0 and prior
• 12.7.0.0 and prior
• 12.5.1.0 and prior
• 12.6.1.0 and prior
Windows 11 Lifecycle Awareness
Windows 11 Home and Pro
Version | Release Date | End of Support Date
25H2 | 9/30/2025 | 10/12/2027
24H2 | 10/1/2024 | 10/13/2026
Windows 11 Enterprise and Education
Version | Release Date | End of Support Date
25H2 | 9/30/2025 | 10/10/2028
24H2 | 10/1/2024 | 10/12/2027
23H2 | 10/31/2023 | 11/10/2026
Source: Microsoft
Server Long-term Servicing Channel Support
Server LTSC Support
Version | Editions | Release Date | Mainstream Support Ends | Extended Support Ends
Windows Server 2025 | Datacenter and Standard | 11/01/2024 | 10/09/2029 | 10/10/2034
Windows Server 2022 | Datacenter and Standard | 08/18/2021 | 10/13/2026 | 10/14/2031
Windows Server 2019 (Version 1809) | Datacenter and Standard | 11/13/2018 | 01/09/2024 | 01/09/2029
Windows Server 2016 (Version 1607) | Datacenter, Essentials, and Standard | 10/15/2016 | 01/11/2022 | 01/11/2027
https://learn.microsoft.com/en-us/windows-server/get-started/windows-server-release-info
▪ Focused on server long-term stability
▪ Major version releases every 2-3 years
▪ 5 years mainstream and 5 years extended support (not ESU)
▪ Server core or server with desktop experience available
Source: Microsoft
Windows 10 Extended Security Updates (ESU)
Microsoft Support
Windows 10 22H2 reached EOS Oct 2025
Three years of ESU support
• Year 1 October 15, 2025 – October 13, 2026
• Year 2 October 14, 2026 – October 12, 2027
• Year 3 October 13, 2027 – October 10, 2028
Licensing and Pricing
• Full-year purchase only
• Price doubles each year
• Cloud-based licensing via Windows 365 and Intune
• 5 by 5 licensing via manual key download
Ivanti Support
ESU support based on Microsoft releases
Available for three major patch products
• Neurons for Patch Management
• Endpoint Manager
• Security Controls
Familiar model
• Concurrent with Microsoft support years
• Offered as special content
• Requires signed EULA addendum
• Tiered pricing based on required endpoints
• Fixed price throughout life of program
Microsoft Patch Tuesday Updates of Interest
Advisory 990001 Latest Servicing Stack Updates (SSU)
▪ No reported updates this month
▪ Azure and Development Tool Updates
▪ .NET 8, 9, and 10
▪ Azure AI Language Authoring
▪ Azure DevOps Server 2022
▪ Azure IoT Explorer
▪ Azure HDInsight
▪ Azure Local
▪ GitHub Copilot Plugin for JetBrains IDEs
▪ Microsoft ACI Confidential Containers
▪ Microsoft Visual Studio 2022 version 18.3 and 17.14
▪ Visual Studio Code
Patch Content Announcements
Announcements Posted on Community Forum Pages
▪ https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
▪ Subscribe to receive email for the desired product(s)
Content Info: Endpoint Security
Content Info: Endpoint Manager
Content Info: macOS Updates
Content Info: Linux Updates
Content Info: Patch for Configuration Manager
Content Info: ISEC and Neurons Patch
Content Info: Neurons Patch for InTune
Bulletins and Releases
APSB26-14: Security Update for Adobe Audition
▪ Maximum Severity: Critical
▪ Affected Products: Adobe Audition versions 25.6 and 26
▪ Description: Adobe has released an update for Adobe Audition for Windows and macOS. This
update addresses 1 vulnerability rated Critical and 5 rated Important. See
https://helpx.adobe.com/security/products/audition/apsb26-14.html for more details.
▪ Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates.
▪ Impact: Arbitrary Code Execution, Denial of Service, Information Disclosure
▪ Fixes 6 Vulnerabilities: CVE-2026-21312, CVE-2026-21313, CVE-2026-21314, CVE-2026-21315, CVE-2026-21316, CVE-2026-21317
▪ Restart Required: Requires application restart
APSB26-15: Security Update for Adobe After Effects
▪ Maximum Severity: Critical
▪ Affected Products: Adobe After Effects versions 25.6.4 and 26
▪ Description: Adobe has released an update for Adobe After Effects for Windows and macOS.
This update addresses 15 vulnerabilities with 13 rated Critical and 2 rated Important. See
https://helpx.adobe.com/security/products/after_effects/apsb26-15.html for more details.
▪ Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates.
▪ Impact: Arbitrary Code Execution, Denial of Service, Information Disclosure
▪ Fixes 15 Vulnerabilities: See bulletin for list of CVEs.
▪ Restart Required: Requires application restart
APSB26-17: Security Update for Adobe InDesign
▪ Maximum Severity: Critical
▪ Affected Products: Adobe InDesign 21.2 and InDesign 20.5.2
▪ Description: Adobe has released an update for Adobe InDesign for Windows and macOS. This update addresses 3 vulnerabilities with 1 rated Critical and 2 Important. See https://helpx.adobe.com/security/products/indesign/apsb26-17.html for more details. Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates.
▪ Impact: Arbitrary Code Execution, Denial of Service, Information Disclosure
▪ Fixes 3 Vulnerabilities: CVE-2026-21332, CVE-2026-21357, CVE-2026-21358
▪ Restart Required: Requires application restart
APSB26-21: Security Update for Adobe Bridge
▪ Maximum Severity: Critical
▪ Affected Products: Adobe Bridge versions 15.1.4 (LTS) and 16.0.2
▪ Description: Adobe has released a security update for Adobe Bridge for Windows and
macOS. This update resolves 2 vulnerabilities rated Critical. See
https://helpx.adobe.com/security/products/bridge/apsb26-21.html for more details. Adobe is not
aware of any exploits in the wild for any of the issues addressed in these updates.
▪ Impact: Arbitrary Code Execution
▪ Fixes 2 Vulnerabilities: CVE-2026-21346 and CVE-2026-21347
▪ Restart Required: Requires application restart
MS26-02-W11: Windows 11 Update
▪ Maximum Severity: Important
▪ Affected Products: Microsoft Windows 11 Version 23H2, 24H2, 25H2, Server 2025 and Edge Chromium
▪ Description: This bulletin references KB 5075941 (23H2), KB 5077181 (24H2 and 25H2), and KB 5075899 (Server 2025). See KBs for details of all changes.
▪ Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege, and Information Disclosure
▪ Fixes 31 Vulnerabilities: CVE-2026-21510 and CVE-2026-21513 are known exploited and publicly disclosed. CVE-2026-21519, CVE-2026-21525, and CVE-2026-21533 are known exploited. CVE-2025-2884 was re-issued and is publicly disclosed. See the Security Update Guide for the complete list of CVEs.
▪ Restart Required: Requires restart
▪ Known Issues: See next slide
February Known Issues for Windows 11
▪ KB 5075942 – Windows Server 2025 Datacenter Azure Edition - Hotpatch
▪ [WSUS] Per Microsoft Windows Server Update Services (WSUS) does not display
synchronization error details within its error reporting. This functionality is temporarily
removed to address the Remote Code Execution Vulnerability, CVE-2025-59287
▪ KB 5075899 – Windows Server 2025
▪ [WSUS]
MS26-02-W10: Windows 10 LTSB and Servers
▪ Maximum Severity: Important
▪ Affected Products: Microsoft Windows 10 LTSB, Server 2016, Server 2019, and Server 2022
▪ Description: This bulletin references multiple KB articles. See Windows 10 and associated server KBs for details of all changes.
▪ Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege, and Information Disclosure
▪ Fixes 30 Vulnerabilities: CVE-2026-21510 and CVE-2026-21513 are known exploited and publicly disclosed. CVE-2026-21519, CVE-2026-21525, and CVE-2026-21533 are known exploited. See the Security Update Guide for the complete list of CVEs.
▪ Restart Required: Requires restart
▪ Known Issues: See next slide
February Known Issues for Windows 10 LTSB and Servers
▪ KB 5075906 – Windows Server 2022
▪ [WSUS] Per Microsoft Windows Server Update Services (WSUS) does not display
synchronization error details within its error reporting. This functionality is temporarily
removed to address the Remote Code Execution Vulnerability, CVE-2025-59287.
▪ KB 5075897 – Windows Server 2022, 23H2 version
▪ [WSUS]
MS26-02-EXCH: Security Updates for Exchange Server
▪ Maximum Severity: Important
▪ Affected Products: Microsoft Exchange Server 2016 CU23, Microsoft Exchange Server 2019 CU14 and CU15, and Microsoft Exchange Server Subscription RTM Edition
▪ Description: This security update addresses 1 vulnerability in Microsoft Exchange Server. This bulletin is based on 4 KB articles.
▪ Impact: Spoofing
▪ Fixes 1 Vulnerability: CVE-2025-21527. The CVE is not known exploited or publicly disclosed.
▪ Restart Required: Requires restart
▪ Known Issues: None reported
MS26-02-OFF: Security Updates for Microsoft Office
▪ Maximum Severity: Important
▪ Affected Products: Excel 2016*, Office Online Server, Office LTSC for Mac 2021 and 2024,
Outlook 2016*, and Word 2016*
▪ Description: This security update addresses 6 vulnerabilities in Microsoft Office and supporting
products. This bulletin is based on 3 KB articles plus release notes for Office for Mac.
▪ Impact: Security Feature Bypass, Spoofing, Elevation of Privilege, Information Disclosure
▪ Fixes 6 Vulnerabilities: CVE-2026-21514 is known exploited or publicly disclosed. This update
also addresses CVE-2026-21258, CVE-2026-21259, CVE-2026-21260, CVE-2026-21261, and
CVE-2026-21511.
▪ Restart Required: Requires application restart
▪ Known Issues: None reported
NOTE: App* - New security update provided following recent EOL
MS26-02-O365: Security Updates for Microsoft 365 Apps
▪ Maximum Severity: Critical
▪ Affected Products: Microsoft 365 Apps, Office 2019, Office LTSC 2021 and Office LTSC 2024
▪ Description: This security update addresses 6 vulnerabilities in Microsoft Office. Information on the security updates is available at https://learn.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates.
▪ Impact: Security Feature Bypass, Spoofing, Elevation of Privilege, Information Disclosure
▪ Fixes 6 Vulnerabilities: CVE-2026-21514 is known exploited or publicly disclosed. This update
also addresses CVE-2026-21258, CVE-2026-21259, CVE-2026-21260, CVE-2026-21261, and
CVE-2026-21511.
▪ Restart Required: Requires application restart
▪ Known Issues: None reported
NOTE: New security update provided for Office 2019 which is beyond recent EOL.
MS26-02-SPT: Security Updates for SharePoint Server
▪ Maximum Severity: Important
▪ Affected Products: Microsoft SharePoint Server Subscription Edition, SharePoint Enterprise
Server 2016, and SharePoint Server 2019
▪ Description: This security update resolves 2 vulnerabilities in Microsoft SharePoint Server.
This bulletin references 5 KB articles.
▪ Impact: Spoofing
▪ Fixes 2 Vulnerabilities: CVE-2026-21511 and CVE-2026-21260. No CVEs are publicly
disclosed or known exploited.
▪ Restart Required: Requires application restart
▪ Known Issues: None reported
Between Patch Tuesdays
Windows Release Summary
▪ Security Updates (with CVEs): Amazon Corretto (4), AutoCAD (1), Google Chrome (3), Firefox (1), Java
Development Kit 11 (1), Java Development Kit 17 (1), Java Development Kit 21 (1), Java Development Kit 25
(1), Node.JS (Current) (1), Node.JS (LTS Upper) (3), Thunderbird (1), Thunderbird ESR (1)
▪ Security Updates (w/o CVEs): Adobe Acrobat DC and Acrobat Reader DC (2), Amazon WorkSpaces (1),
Azul Zulu (4), Cisco Duo Desktop (2), Corretto (1), Citrix Workspace App (1), Devolutions Remote Desktop
Manager (1), Docker (4), Dropbox (3), Eclipse Adoptium (4), Firefox (2), GoodSync (2), GIMP (1), Git (1),
GoLang (2), Java 8 (1), Notepad++ (1), NextCloud Desktop Client (1), Opera (3), VirtualBox (1), PDF24
Creator (1), PDF-Xchange Editor Plus (1), Ivanti Secure Access Client (1), Python (2), Ria Digi (1),
Rocket.Chat Desktop Client (1), Slack Machine-Wide Installer (1), Snagit (1), Splunk Universal Forwarder (1),
Sourcetree for Windows Enterprise (1), Apache Tomcat (3), TeamViewer (2), VMware Tools (1), VSCodium
(2), Wireshark (2), Zoom Rooms App (1), Zoom Workplace VDI App (1)
▪ Non-Security Updates: 1Password (2), 8x8 Work Desktop (1), Box Drive (2), Bitwarden (1), DBeaver Lite
(1), docuPrinter (1), draw.io (1), Evernote (2), GeoGebra Classic (1), RingCentral App (Machine-Wide
Installer) (1), ShareX (2), WinMerge (1)
Windows Third Party CVE Information
▪ Google Chrome 144.0.7559.97
▪ CHROME-260121, QGC1440755997
▪ Fixes 6 Vulnerabilities: CVE-2024-6116, CVE-2024-6117, CVE-2024-6118, CVE-2024-6119, CVE-2024-6120, CVE-2024-6121
▪ Google Chrome 144.0.7559.110
▪ CHROME-260128, QGC14407559110
▪ Fixes 1 Vulnerability: CVE-2026-1504
▪ Google Chrome 144.0.7559.133
▪ CHROME-260203, QGC14407559133
▪ Fixes 2 Vulnerabilities: CVE-2026-1861, CVE-2026-1862
▪ AutoCAD 2023.1.8
▪ ADAC23-260204, QACAD202318
▪ Fixes 17 Vulnerabilities: CVE-2025-1273, CVE-2025-1274, CVE-2025-1277, CVE-2025-1656, CVE-2025-5038, CVE-2025-5043, CVE-2025-5046, CVE-2025-5047, CVE-2025-5048, CVE-2025-6631, CVE-2025-6635, CVE-2025-6636, CVE-2025-6637, CVE-2025-7497, CVE-2025-7675, CVE-2025-8893, CVE-2025-8894
Windows Third Party CVE Information (cont)
▪ Corretto 21.0.10.7.1
▪ CRTO21-260121, QCRTOJDK2110
▪ Fixes 4 Vulnerabilities: CVE-2026-21925, CVE-2026-21932, CVE-2026-21933, CVE-2026-21945
▪ Corretto 17.0.18.8.1
▪ CRTO17-260121, QCRTOJDK17018
▪ Fixes 4 Vulnerabilities: CVE-2026-21925, CVE-2026-21932, CVE-2026-21933, CVE-2026-21945
▪ Corretto 11.0.30.7.1
▪ CRTO11-260121, QCRTOJDK11030
▪ Fixes 4 Vulnerabilities: CVE-2026-21925, CVE-2026-21932, CVE-2026-21933, CVE-2026-21945
▪ Corretto 8.482.08.1
▪ CRTO8-260121, QCRTOJDK8482 and QCRTOJRE8482
▪ Fixes 4 Vulnerabilities: CVE-2026-21925, CVE-2026-21932, CVE-2026-21933, CVE-2026-21945
Windows Third Party CVE Information (cont)
▪ Java Development Kit 25 Update 25.2
▪ JDK25-251021, QJDK2502
▪ Fixes 4 Vulnerabilities: CVE-2026-21925, CVE-2026-21932, CVE-2026-21933, CVE-2026-21945
▪ Java Development Kit 21 Update 21.0.10
▪ JDK21-260119, QJDK21010
▪ Fixes 4 Vulnerabilities: CVE-2026-21925, CVE-2026-21932, CVE-2026-21933, CVE-2026-21945
▪ Java Development Kit 17 Update 17.0.18
▪ JDK11-260119, QJDK17018
▪ Fixes 4 Vulnerabilities: CVE-2026-21925, CVE-2026-21932, CVE-2026-21933, CVE-2026-21945
▪ Java Development Kit 11 Update 11.0.30
▪ JDK11-260121, QJDK11030
▪ Fixes 4 Vulnerabilities: CVE-2026-21925, CVE-2026-21932, CVE-2026-21933, CVE-2026-21945
Windows Third Party CVE Information (cont)
▪ Node.JS 25.3.0 (Current)
▪ NOJSC-260121, QNODEJSC2530
▪ Fixes 6 Vulnerabilities: CVE-2025-55130, CVE-2025-55131, CVE-2025-55132, CVE-2025-59465,
CVE-2025-59466, CVE-2026-21637
▪ Node.JS 24.13.0 (LTS Upper)
▪ NOJSLU-260120, QNODEJSLU24130
▪ Fixes 6 Vulnerabilities: CVE-2025-55130, CVE-2025-55131, CVE-2025-55132, CVE-2025-59465,
CVE-2025-59466, CVE-2026-21637
▪ Node.JS 22.22.0 (LTS Upper)
▪ NOJSLU-260122, QNODEJSLU22220
▪ Fixes 6 Vulnerabilities: CVE-2025-55130, CVE-2025-55131, CVE-2025-55132, CVE-2025-59465,
CVE-2025-59466, CVE-2026-21637
▪ Node.JS 20.20.0 (LTS Upper)
▪ NOJSLU-260121, QNODEJSLU20200
▪ Fixes 6 Vulnerabilities: CVE-2025-55130, CVE-2025-55131, CVE-2025-55132, CVE-2025-59465,
CVE-2025-59466, CVE-2026-21637
Windows Third Party CVE Information (cont)
▪ Firefox 147.0.2
▪ FF-260127, QFF14702
▪ Fixes 2 Vulnerabilities: CVE-2026-24868, CVE-2026-24869
▪ Thunderbird 147.0.1
▪ TB-260123, QTB14701
▪ Fixes 1 Vulnerability: CVE-2026-0818
▪ Thunderbird ESR 140.7.0
▪ TBE-260120, QTB14070
▪ Fixes 13 Vulnerabilities: CVE-2025-14327, CVE-2026-0877, CVE-2026-0878, CVE-2026-0879, CVE-2026-0880, CVE-2026-0882, CVE-2026-0883, CVE-2026-0884, CVE-2026-0885, CVE-2026-0886, CVE-2026-0887, CVE-2026-0890, CVE-2026-0891
▪ Thunderbird ESR 140.7.1
▪ TBE-260129, QTB14071
▪ Fixes 1 Vulnerability: CVE-2026-0818
Apple Release Summary
▪ Security Updates (with CVEs): Google Chrome (3), Adobe InDesign (1), Microsoft Edge (3),
Firefox (1), Thunderbird (1), Thunderbird ESR (1)
▪ Security Updates (w/o CVEs): Microsoft Office Word (1)
▪ Non-Security Updates: 1Password (1), Adobe Photoshop (2), Adobe Acrobat DC and Acrobat
Reader DC (1), Amazon WorkSpaces (1), BetterTouchTool (5), Brave (4), Docker Desktop (5),
draw.io (1), Evernote (3), Firefox (2), Figma (1), Google Drive (1), GIMP (1), Go (2), Grammarly
(3), IntelliJ IDEA (1), iTerm2 (1), Krisp (1), LibreOffice (1), Obsidian (2), OneDrive (2), Opera
(3), Microsoft Office OneNote (2), Microsoft Office Excel (3), Microsoft Office Outlook (3),
Microsoft Office PowerPoint (2), Microsoft Office Word (3), pgAdmin (3), Spotify (2), Visme (1),
Visual Studio Code (2), VSCodium (1), Webex Teams (1)
Apple Third Party CVE Information
▪ Google Chrome 144.0.7559.97
▪ CHROMEMAC-260121
▪ Fixes 1 Vulnerability: CVE-2026-1220
▪ Google Chrome 144.0.7559.110
▪ CHROMEMAC-260127
▪ Fixes 1 Vulnerability: CVE-2026-1504
▪ Google Chrome 144.0.7559.133
▪ CHROMEMAC-260203
▪ Fixes 2 Vulnerabilities: CVE-2026-1861, CVE-2026-1862
▪ Adobe InDesign 2026 (21.2)
▪ IDSN2026MAC-260123
▪ Fixes 3 Vulnerabilities: CVE-2026-21332, CVE-2026-21357, CVE-2026-21358
Apple Third Party CVE Information (cont)
▪ Microsoft Edge 144.0.3719.82
▪ MEDGEMAC-260119
▪ Fixes 13 Vulnerabilities: CVE-2026-0899, CVE-2026-0900, CVE-2026-0901, CVE-2026-0902, CVE-2026-0903, CVE-2026-0904, CVE-2026-0905, CVE-2026-0906, CVE-2026-0907, CVE-2026-0908, CVE-2026-21223, CVE-2026-1220
▪ Microsoft Edge 144.0.3719.115
▪ MEDGEMAC-260205
▪ Fixes 1 Vulnerability: CVE-2026-0391
Apple Third Party CVE Information (cont)
▪ Firefox 147.0.2
▪ MFSA2026-06
▪ Fixes 2 Vulnerabilities: CVE-2026-24868, CVE-2026-24869
▪ Thunderbird 147.0.1
▪ MFSA2026-07
▪ Fixes 1 Vulnerability: CVE-2026-0818
▪ Thunderbird ESR 140.7.1
▪ TBE140-260128
▪ Fixes 1 Vulnerability: CVE-2026-0818
Q & A
Chris Goettl and Todd Schell
Thank You!

February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell

  • 1.
    Hosted by ChrisGoettl and Todd Schell Patch Tuesday Webinar Wednesday, February 11, 2026
  • 2.
    Copyright © 2026Ivanti. All rights reserved. 2 Agenda ▪ February 2026 Patch Tuesday Overview ▪ In the News ▪ Bulletins and Releases ▪ Between Patch Tuesdays ▪ Q & A
  • 3.
    Copyright © 2026Ivanti. All rights reserved. 3 February Patch Tuesday 2026 February Patch Tuesday includes recent out-of- band updates from Microsoft between January 17th and 29th, including multiple bug fixes and a fix for a zero-day exploit in Microsoft Office. In addition, Microsoft announced the phased disablement of NTLM in the week prior to the February 2026 Patch Tuesday release. For the February Patch Tuesday release, Microsoft has resolved 57 unique CVEs. Six CVEs are flagged as Exploited and three of those are Publicly Disclosed as well. Add the OOB zero-day and you have a lineup of CVEs that need some attention. For more details check out this month's Patch Tuesday blog.
  • 4.
    Copyright © 2026Ivanti. All rights reserved. 4 In the News
  • 5.
    Copyright © 2026Ivanti. All rights reserved. 5 In the News ▪ Diverse Threat Actors Exploiting Critical WinRAR Vulnerability CVE-2025-8088 ▪ Notepad++ Hijacked by State-Sponsored Hackers ▪ Chinese Hackers Hijack Notepad++ Updates for 6 Months ▪ Patch Tuesday, February 2026 Edition ▪ NTLM Phase Out ▪ Advancing Windows security: Disabling NTLM by default ▪ Overview of NTLM auditing enhancements in Windows 11, version 24H2 and Windows Server 2025 ▪ Active Directory Hardening Series - Part 8 – Disabling NTLM
  • 6.
    Copyright © 2026Ivanti. All rights reserved. 6 ▪ CVE-2026-21509 Microsoft Office Security Feature Bypass Vulnerability (Out-of-band) ▪ CVSS 3.1 Scores: 7.8/7.2 ▪ Severity: Important ▪ Impact: Security Feature Bypass ▪ Affected Systems: All currently supported versions of Office including the LTSC 2021 and 2024 ▪ Per Microsoft: An attacker must send a user a malicious Office file and convince them to open it. This update addresses a vulnerability that bypasses OLE mitigations in Microsoft 365 and Microsoft Office which protect users from vulnerable COM/OLE controls. The Preview Pane is not an attack vector. Known Exploited and Publicly Disclosed Vulnerabilities
  • 7.
    Copyright © 2026Ivanti. All rights reserved. 7 ▪ CVE-2026-21510 Windows Shell Security Feature Bypass Vulnerability ▪ CVSS 3.1 Scores: 8.8/8.2 ▪ Severity: Important ▪ Impact: Security Feature Bypass ▪ Affected Systems: All currently supported Windows operating systems ▪ Per Microsoft: To successfully exploit this vulnerability, an attacker must convince a user to open a malicious link or shortcut file. Once accomplished, an attacker could bypass Windows SmartScreen and Windows Shell security prompts by exploiting improper handling in Windows Shell components, allowing attacker-controlled content to execute without user warning or consent. Known Exploited and Publicly Disclosed Vulnerabilities (cont)
  • 8.
    Copyright © 2026Ivanti. All rights reserved. 8 ▪ CVE-2026-21513 MSHTML Framework Security Feature Bypass Vulnerability ▪ CVSS 3.1 Scores: 8.8/7.7 ▪ Severity: Important ▪ Impact: Security Feature Bypass ▪ Affected Systems: All currently supported Windows operating systems ▪ Per Microsoft: An attacker could exploit this vulnerability by convincing a user to open a malicious HTML file or shortcut (.lnk) file delivered through a link, email attachment, or download. The specially crafted file manipulates browser and Windows Shell handling, causing the content to be executed by the operating system. This allows the attacker to bypass security features and potentially achieve code execution. Known Exploited and Publicly Disclosed Vulnerabilities (cont)
  • 9.
    Known Exploited and Publicly Disclosed Vulnerabilities (cont)
    ▪ CVE-2026-21514 Microsoft Word Security Feature Bypass Vulnerability
    ▪ CVSS 3.1 Scores: 7.8/7.2
    ▪ Severity: Important
    ▪ Impact: Security Feature Bypass
    ▪ Affected Systems: All currently supported versions of Office including the LTSC 2021 and 2024 versions for Mac.
    ▪ Per Microsoft: An attacker must send a user a malicious Office file and convince them to open it. The malicious code can exploit a vulnerability that bypasses OLE mitigations in Microsoft 365 and Microsoft Office which protect users from vulnerable COM/OLE controls.
  • 10.
    Known Exploited Vulnerabilities
    ▪ CVE-2026-21519 Desktop Window Manager Elevation of Privilege Vulnerability
    ▪ CVSS 3.1 Scores: 7.8/6.8
    ▪ Severity: Important
    ▪ Impact: Elevation of Privilege
    ▪ Affected Systems: All currently supported Windows operating systems
    ▪ Per Microsoft: An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
  • 11.
    Known Exploited Vulnerabilities (cont)
    ▪ CVE-2026-21525 Windows Remote Access Connection Manager Denial of Service Vulnerability
    ▪ CVSS 3.1 Scores: 6.2/5.4
    ▪ Severity: Important
    ▪ Impact: Denial of Service
    ▪ Affected Systems: All currently supported Windows operating systems
    ▪ Per Microsoft: Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally.
  • 12.
    Known Exploited Vulnerabilities (cont)
    ▪ CVE-2026-21533 Windows Remote Desktop Services Elevation of Privilege Vulnerability
    ▪ CVSS 3.1 Scores: 7.8/7.2
    ▪ Severity: Important
    ▪ Impact: Elevation of Privilege
    ▪ Affected Systems: All currently supported Windows operating systems
    ▪ Per Microsoft: Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
  • 13.
    New and Notable Linux Vulnerabilities: 1
    Highlighted by TuxCare
    CVE-2026-23105
    CVSS 3: 7.0
    Impact: Various Linux distributions and associated kernel versions.
    ▪ The core issue is an inconsistency in the codebase where the function relied on checking the child qdisc's queue length rather than utilizing the proper cl_is_active helper function designed for this purpose.
    ▪ This inconsistency creates a potential attack surface where an adversary could manipulate child queue length values to influence class activation decisions.
    ▪ The QFQ scheduler is used for network traffic control and quality of service enforcement, making this a network-accessible component on affected systems.
    Mitigation: Update the Linux kernel to the latest patched version containing the fix for QFQ network scheduling. If a kernel update is not immediately possible, consider disabling QFQ scheduler (if not required).
  • 14.
    New and Notable Linux Vulnerabilities: 2
    Highlighted by TuxCare
    CVE-2026-23092
    CVSS 3: 7.8
    Impact: Various Linux distributions and associated kernel versions.
    ▪ An out-of-bounds write vulnerability was discovered in the Linux kernel's IIO (Industrial I/O) subsystem, specifically within the ad3552r-hs DAC (Digital-to-Analog Converter) driver.
    ▪ When simple_write_to_buffer() succeeds, it returns the number of bytes actually copied to the buffer. However, the vulnerable code incorrectly uses the count parameter as the index for null termination instead of the actual bytes copied.
    ▪ Local attackers with access to the device node can trigger stack buffer overflow by writing more than 64 bytes, potentially leading to kernel memory corruption, denial of service, or privilege escalation.
    Mitigation: Apply the official kernel patches immediately on affected systems. Restrict access to IIO device nodes to trusted users only and enable KASAN on development and staging systems to detect exploitation attempts.
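The termination flaw described for CVE-2026-23092, modelled in userspace C as an added example; it is not the driver's code and not part of the webinar. `model_write_to_buffer()`, `store_flawed()`, `store_fixed()` and the guard area are hypothetical stand-ins, and the hardened variant shows one way to terminate at the copied length, not the upstream patch itself.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>              /* ssize_t */

#define BUF_SIZE   64               /* 64-byte buffer, the size the slide gives */
#define GUARD      64               /* constructed guard area after the buffer */
#define GUARD_FILL 0xA5

/* Assumed userspace model of simple_write_to_buffer(): copies at most
 * (available - *ppos) bytes and returns the number actually copied. */
static ssize_t model_write_to_buffer(void *to, size_t available, long *ppos,
                                     const void *from, size_t count)
{
    long pos = *ppos;
    if (pos < 0)
        return -1;
    if ((size_t)pos >= available || count == 0)
        return 0;
    if (count > available - (size_t)pos)
        count = available - (size_t)pos;
    memcpy((char *)to + pos, from, count);
    *ppos = pos + (long)count;
    return (ssize_t)count;
}

/* One object: bytes [0, BUF_SIZE) play the buffer, the rest is the guard, so
 * a stray terminator lands in memory this model owns and can inspect. */
static unsigned char frame[BUF_SIZE + GUARD];
static const char sample_input[256] = "constructed sample input";

static void frame_reset(void)
{
    memset(frame, 0, BUF_SIZE);
    memset(frame + BUF_SIZE, GUARD_FILL, GUARD);
}

static int guard_damaged(void)
{
    for (size_t i = 0; i < GUARD; i++)
        if (frame[BUF_SIZE + i] != GUARD_FILL)
            return 1;
    return 0;
}

/* Flawed pattern: the terminator index is the caller's count, not the number
 * of bytes copied. Returns 1 when the terminator falls outside the buffer. */
int store_flawed(const void *src, size_t count)
{
    long pos = 0;
    frame_reset();
    if (model_write_to_buffer(frame, BUF_SIZE - 1, &pos, src, count) < 0)
        return -1;
    if (count >= sizeof(frame))     /* past the guard too: report, do not write */
        return 1;
    frame[count] = '\0';
    return guard_damaged();
}

/* Hardened pattern: terminate at the returned length, which is bounded by
 * BUF_SIZE - 1. Returns the stored length, or -1 on error. */
ssize_t store_fixed(const void *src, size_t count)
{
    long pos = 0;
    ssize_t copied;
    frame_reset();
    copied = model_write_to_buffer(frame, BUF_SIZE - 1, &pos, src, count);
    if (copied < 0)
        return copied;
    frame[copied] = '\0';
    return guard_damaged() ? -1 : copied;
}

int main(void)
{
    size_t sizes[] = { 10, 100, 4096 };
    for (size_t i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++)
        printf("count=%zu flawed_oob=%d fixed_len=%zd\n", sizes[i],
               store_flawed(sample_input, sizes[i]),
               store_fixed(sample_input, sizes[i]));
    return 0;
}
```

The copy itself is bounded in both variants; only the terminator index differs, which is why a review of write handlers should compare the index used for termination against the helper's return value.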
  • 15.
    New and Notable Linux Vulnerabilities: 3
    Highlighted by TuxCare
    CVE-2026-23017
    CVSS 3: 7.0
    Impact: Various Linux distributions and associated kernel versions.
    ▪ Null pointer dereference vulnerability in the Linux kernel's IDPF (Infrastructure Data Path Function) network driver.
    ▪ Error found in the handling logic of the init_task function during driver load operations.
    ▪ When the initialization task fails, the driver incorrectly leaves the system without properly initialized vports and netdevs, yet subsequent reset operations attempt to access these uninitialized resources, resulting in a kernel crash.
    ▪ Successful exploitation can cause a kernel panic and system crash when the service task attempts to access uninitialized resources during a hardware reset operation following a failed driver initialization.
    Mitigation: Update to latest kernel version.
  • 16.
    Ivanti Security Updates
    Ivanti Endpoint Manager (EPM)
    Security Advisory: Ivanti Endpoint Manager
    Vulnerabilities:
      • CVE-2026-1602 CVSS: 6.5
      • CVE-2026-1603 CVSS: 8.6
    Affected Versions:
      • 2024 SU4 SR1 and prior
    Ivanti Endpoint Manager (EPM)
    Security Advisory: Ivanti Endpoint Manager
    Vulnerabilities:
      • 13 Reported CVSS: 8.8 – 6.5
    Affected Versions:
      • 2024 SU3 SR1 and prior
      • 2022 SU8 SR2 and prior
    Ivanti Endpoint Manager Mobile (EPMM)
    Security Advisory: Ivanti Endpoint Manager Mobile
    Vulnerabilities:
      • CVE-2026-1281 CVSS: 9.8
      • CVE-2026-1340 CVSS: 9.8
    Affected Versions:
      • 12.5.0.0 and prior
      • 12.6.0.0 and prior
      • 12.7.0.0 and prior
      • 12.5.1.0 and prior
      • 12.6.1.0 and prior
    At the time of disclosure of the Ivanti EPMM vulnerabilities, Ivanti was aware of a very limited number of customers whose solution had been exploited. Ivanti urges all customers using the on-prem EPMM product to promptly install the security update.
  • 17.
    Windows 11 Lifecycle Awareness
    Windows 11 Home and Pro
    Version | Release Date | End of Support Date
    25H2 | 9/30/2025 | 10/12/2027
    24H2 | 10/1/2024 | 10/13/2026
    Windows 11 Enterprise and Education
    Version | Release Date | End of Support Date
    25H2 | 9/30/2025 | 10/10/2028
    24H2 | 10/1/2024 | 10/12/2027
    23H2 | 10/31/2023 | 11/10/2026
    Source: Microsoft
  • 18.
    Server Long-term Servicing Channel Support
    Server LTSC Support
    Version | Editions | Release Date | Mainstream Support Ends | Extended Support Ends
    Windows Server 2025 | Datacenter and Standard | 11/01/2024 | 10/09/2029 | 10/10/2034
    Windows Server 2022 | Datacenter and Standard | 08/18/2021 | 10/13/2026 | 10/14/2031
    Windows Server 2019 (Version 1809) | Datacenter and Standard | 11/13/2018 | 01/09/2024 | 01/09/2029
    Windows Server 2016 (Version 1607) | Datacenter, Essentials, and Standard | 10/15/2016 | 01/11/2022 | 01/11/2027
    https://learn.microsoft.com/en-us/windows-server/get-started/windows-server-release-info
    ▪ Focused on server long-term stability
    ▪ Major version releases every 2-3 years
    ▪ 5 years mainstream and 5 years extended support (not ESU)
    ▪ Server core or server with desktop experience available
    Source: Microsoft
  • 19.
    Windows 10 Extended Security Updates (ESU)
    Microsoft Support
    Windows 10 22H2 reached EOS Oct 2025
    Three years of ESU support
      • Year 1 October 15, 2025 – October 13, 2026
      • Year 2 October 14, 2026 – October 12, 2027
      • Year 3 October 13, 2027 – October 10, 2028
    Licensing and Pricing
      • Full-year purchase only
      • Price doubles each year
      • Cloud-based licensing via Windows 365 and Intune
      • 5 by 5 licensing via manual key download
    Ivanti Support
    ESU support based on Microsoft releases
    Available for three major patch products
      • Neurons for Patch Management
      • Endpoint Manager
      • Security Controls
    Familiar model
      • Concurrent with Microsoft support years
      • Offered as special content
      • Requires signed EULA addendum
      • Tiered pricing based on required endpoints
      • Fixed price throughout life of program
  • 20.
    Microsoft Patch Tuesday Updates of Interest
    Advisory 990001 Latest Servicing Stack Updates (SSU)
    ▪ No reported updates this month
    ▪ Azure and Development Tool Updates
      ▪ .NET 8, 9, and 10
      ▪ Azure AI Language Authoring
      ▪ Azure DevOps Server 2022
      ▪ Azure IoT Explorer
      ▪ Azure HDInsight
      ▪ Azure Local
      ▪ GitHub Copilot Plugin for JetBrains IDEs
      ▪ Microsoft ACI Confidential Containers
      ▪ Microsoft Visual Studio 2022 version 18.3 and 17.14
      ▪ Visual Studio Code
  • 21.
    Patch Content Announcements
    Announcements Posted on Community Forum Pages
    ▪ https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
    ▪ Subscribe to receive email for the desired product(s)
    Content Info: Endpoint Security
    Content Info: Endpoint Manager
    Content Info: macOS Updates
    Content Info: Linux Updates
    Content Info: Patch for Configuration Manager
    Content Info: ISEC and Neurons Patch
    Content Info: Neurons Patch for InTune
  • 22.
    Bulletins and Releases
  • 23.
    APSB26-14: Security Update for Adobe Audition
    ▪ Maximum Severity: Critical
    ▪ Affected Products: Adobe Audition versions 25.6 and 26
    ▪ Description: Adobe has released an update for Adobe Audition for Windows and macOS. This update addresses 1 vulnerability rated Critical and 5 rated Important. See https://helpx.adobe.com/security/products/audition/apsb26-14.html for more details.
    ▪ Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates.
    ▪ Impact: Arbitrary Code Execution, Denial of Service, Information Disclosure
    ▪ Fixes 6 Vulnerabilities: CVE-2026-21312, CVE-2026-21313, CVE-2026-21314, CVE-2026-21315, CVE-2026-21316, CVE-2026-21317
    ▪ Restart Required: Requires application restart
  • 24.
    APSB26-15: Security Update for Adobe After Effects
    ▪ Maximum Severity: Critical
    ▪ Affected Products: Adobe After Effects versions 25.6.4 and 26
    ▪ Description: Adobe has released an update for Adobe After Effects for Windows and macOS. This update addresses 15 vulnerabilities with 13 rated Critical and 2 rated Important. See https://helpx.adobe.com/security/products/after_effects/apsb26-15.html for more details.
    ▪ Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates.
    ▪ Impact: Arbitrary Code Execution, Denial of Service, Information Disclosure
    ▪ Fixes 15 Vulnerabilities: See bulletin for list of CVEs.
    ▪ Restart Required: Requires application restart
  • 25.
    APSB26-17: Security Update for Adobe InDesign
    ▪ Maximum Severity: Critical
    ▪ Affected Products: Adobe InDesign 21.2 and InDesign 20.5.2
    ▪ Description: Adobe has released an update for Adobe InDesign for Windows and macOS. This update addresses 3 vulnerabilities with 1 rated Critical and 2 Important. See https://helpx.adobe.com/security/products/indesign/apsb26-17.html for more details. Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates.
    ▪ Impact: Arbitrary Code Execution, Denial of Service, Information Disclosure
    ▪ Fixes 3 Vulnerabilities: CVE-2026-21332, CVE-2026-21357, CVE-2026-21358
    ▪ Restart Required: Requires application restart
  • 26.
    APSB26-21: Security Update for Adobe Bridge
    ▪ Maximum Severity: Critical
    ▪ Affected Products: Adobe Bridge versions 15.1.4 (LTS) and 16.0.2
    ▪ Description: Adobe has released a security update for Adobe Bridge for Windows and macOS. This update resolves 2 vulnerabilities rated Critical. See https://helpx.adobe.com/security/products/bridge/apsb26-21.html for more details. Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates.
    ▪ Impact: Arbitrary Code Execution
    ▪ Fixes 2 Vulnerabilities: CVE-2026-21346 and CVE-2026-21347
    ▪ Restart Required: Requires application restart
  • 27.
    MS26-02-W11: Windows 11 Update
    ▪ Maximum Severity: Important
    ▪ Affected Products: Microsoft Windows 11 Version 23H2, 24H2, 25H2, Server 2025 and Edge Chromium
    ▪ Description: This bulletin references KB 5075941 (23H2), KB 5077181 (24H2 and 25H2), and KB 5075899 (Server 2025). See KBs for details of all changes.
    ▪ Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege, and Information Disclosure
    ▪ Fixes 31 Vulnerabilities: CVE-2026-21510 and CVE-2026-21513 are known exploited and publicly disclosed. CVE-2026-21519, CVE-2026-21525, and CVE-2026-21533 are known exploited. CVE-2025-2884 was re-issued and is publicly disclosed. See the Security Update Guide for the complete list of CVEs.
    ▪ Restart Required: Requires restart
    ▪ Known Issues: See next slide
  • 28.
    February Known Issues for Windows 11
    ▪ KB 5075942 – Windows Server 2025 Datacenter Azure Edition - Hotpatch
      ▪ [WSUS] Per Microsoft Windows Server Update Services (WSUS) does not display synchronization error details within its error reporting. This functionality is temporarily removed to address the Remote Code Execution Vulnerability, CVE-2025-59287
    ▪ KB 5075899 – Windows Server 2025
      ▪ [WSUS]
  • 29.
    MS26-02-W10: Windows 10 LTSB and Servers
    ▪ Maximum Severity: Important
    ▪ Affected Products: Microsoft Windows 10 LTSB, Server 2016, Server 2019, and Server 2022
    ▪ Description: This bulletin references multiple KB articles. See Windows 10 and associated server KBs for details of all changes.
    ▪ Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege, and Information Disclosure
    ▪ Fixes 30 Vulnerabilities: CVE-2026-21510 and CVE-2026-21513 are known exploited and publicly disclosed. CVE-2026-21519, CVE-2026-21525, and CVE-2026-21533 are known exploited. See the Security Update Guide for the complete list of CVEs.
    ▪ Restart Required: Requires restart
    ▪ Known Issues: See next slide
  • 30.
    February Known Issues for Windows 10 LTSB and Servers
    ▪ KB 5075906 – Windows Server 2022
      ▪ [WSUS] Per Microsoft Windows Server Update Services (WSUS) does not display synchronization error details within its error reporting. This functionality is temporarily removed to address the Remote Code Execution Vulnerability, CVE-2025-59287.
    ▪ KB 5075897 – Windows Server 2022, 23H2 version
      ▪ [WSUS]
  • 31.
    MS26-02-EXCH: Security Updates for Exchange Server
    ▪ Maximum Severity: Important
    ▪ Affected Products: Microsoft Exchange Server 2016 CU23, Microsoft Exchange Server 2019 CU14 and CU15, and Microsoft Exchange Server Subscription RTM Edition
    ▪ Description: This security update addresses 1 vulnerability in Microsoft Exchange Server. This bulletin is based on 4 KB articles.
    ▪ Impact: Spoofing
    ▪ Fixes 1 Vulnerability: CVE-2025-21527. The CVE is not known exploited or publicly disclosed.
    ▪ Restart Required: Requires restart
    ▪ Known Issues: None reported
  • 32.
    MS26-02-OFF: Security Updates for Microsoft Office
    ▪ Maximum Severity: Important
    ▪ Affected Products: Excel 2016*, Office Online Server, Office LTSC for Mac 2021 and 2024, Outlook 2016*, and Word 2016*
    ▪ Description: This security update addresses 6 vulnerabilities in Microsoft Office and supporting products. This bulletin is based on 3 KB articles plus release notes for Office for Mac.
    ▪ Impact: Security Feature Bypass, Spoofing, Elevation of Privilege, Information Disclosure
    ▪ Fixes 6 Vulnerabilities: CVE-2026-21514 is known exploited or publicly disclosed. This update also addresses CVE-2026-21258, CVE-2026-21259, CVE-2026-21260, CVE-2026-21261, and CVE-2026-21511.
    ▪ Restart Required: Requires application restart
    ▪ Known Issues: None reported
    NOTE: App* - New security update provided following recent EOL
  • 33.
    MS26-02-O365: Security Updates for Microsoft 365 Apps
    ▪ Maximum Severity: Critical
    ▪ Affected Products: Microsoft 365 Apps, Office 2019, Office LTSC 2021 and Office LTSC 2024
    ▪ Description: This security update addresses 6 vulnerabilities in Microsoft Office. Information on the security updates is available at https://learn.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates.
    ▪ Impact: Security Feature Bypass, Spoofing, Elevation of Privilege, Information Disclosure
    ▪ Fixes 6 Vulnerabilities: CVE-2026-21514 is known exploited or publicly disclosed. This update also addresses CVE-2026-21258, CVE-2026-21259, CVE-2026-21260, CVE-2026-21261, and CVE-2026-21511.
    ▪ Restart Required: Requires application restart
    ▪ Known Issues: None reported
    NOTE: New security update provided for Office 2019 which is beyond recent EOL.
  • 34.
    MS26-02-SPT: Security Updates for SharePoint Server
    ▪ Maximum Severity: Important
    ▪ Affected Products: Microsoft SharePoint Server Subscription Edition, SharePoint Enterprise Server 2016, and SharePoint Server 2019
    ▪ Description: This security update resolves 2 vulnerabilities in Microsoft SharePoint Server. This bulletin references 5 KB articles.
    ▪ Impact: Spoofing
    ▪ Fixes 2 Vulnerabilities: CVE-2026-21511 and CVE-2026-21260. No CVEs are publicly disclosed or known exploited.
    ▪ Restart Required: Requires application restart
    ▪ Known Issues: None reported
  • 35.
    Between Patch Tuesdays
  • 36.
    Windows Release Summary
    ▪ Security Updates (with CVEs): Amazon Corretto (4), AutoCAD (1), Google Chrome (3), Firefox (1), Java Development Kit 11 (1), Java Development Kit 17 (1), Java Development Kit 21 (1), Java Development Kit 25 (1), Node.JS (Current) (1), Node.JS (LTS Upper) (3), Thunderbird (1), Thunderbird ESR (1)
    ▪ Security Updates (w/o CVEs): Adobe Acrobat DC and Acrobat Reader DC (2), Amazon WorkSpaces (1), Azul Zulu (4), Cisco Duo Desktop (2), Corretto (1), Citrix Workspace App (1), Devolutions Remote Desktop Manager (1), Docker (4), Dropbox (3), Eclipse Adoptium (4), Firefox (2), GoodSync (2), GIMP (1), Git (1), GoLang (2), Java 8 (1), Notepad++ (1), NextCloud Desktop Client (1), Opera (3), VirtualBox (1), PDF24 Creator (1), PDF-Xchange Editor Plus (1), Ivanti Secure Access Client (1), Python (2), Ria Digi (1), Rocket.Chat Desktop Client (1), Slack Machine-Wide Installer (1), Snagit (1), Splunk Universal Forwarder (1), Sourcetree for Windows Enterprise (1), Apache Tomcat (3), TeamViewer (2), VMware Tools (1), VSCodium (2), Wireshark (2), Zoom Rooms App (1), Zoom Workplace VDI App (1)
    ▪ Non-Security Updates: 1Password (2), 8x8 Work Desktop (1), Box Drive (2), Bitwarden (1), DBeaver Lite (1), docuPrinter (1), draw.io (1), Evernote (2), GeoGebra Classic (1), RingCentral App (Machine-Wide Installer) (1), ShareX (2), WinMerge (1)
  • 37.
    Windows Third Party CVE Information
    ▪ Google Chrome 144.0.7559.97
      ▪ CHROME-260121, QGC1440755997
      ▪ Fixes 6 Vulnerabilities: CVE-2024-6116, CVE-2024-6117, CVE-2024-6118, CVE-2024-6119, CVE-2024-6120, CVE-2024-6121
    ▪ Google Chrome 144.0.7559.110
      ▪ CHROME-260128, QGC14407559110
      ▪ Fixes 1 Vulnerability: CVE-2026-1504
    ▪ Google Chrome 144.0.7559.133
      ▪ CHROME-260203, QGC14407559133
      ▪ Fixes 2 Vulnerabilities: CVE-2026-1861, CVE-2026-1862
    ▪ AutoCAD 2023.1.8
      ▪ ADAC23-260204, QACAD202318
      ▪ Fixes 17 Vulnerabilities: CVE-2025-1273, CVE-2025-1274, CVE-2025-1277, CVE-2025-1656, CVE-2025-5038, CVE-2025-5043, CVE-2025-5046, CVE-2025-5047, CVE-2025-5048, CVE-2025-6631, CVE-2025-6635, CVE-2025-6636, CVE-2025-6637, CVE-2025-7497, CVE-2025-7675, CVE-2025-8893, CVE-2025-8894
  • 38.
    Windows Third Party CVE Information (cont)
    ▪ Corretto 21.0.10.7.1
      ▪ CRTO21-260121, QCRTOJDK2110
      ▪ Fixes 4 Vulnerabilities: CVE-2026-21925, CVE-2026-21932, CVE-2026-21933, CVE-2026-21945
    ▪ Corretto 17.0.18.8.1
      ▪ CRTO17-260121, QCRTOJDK17018
      ▪ Fixes 4 Vulnerabilities: CVE-2026-21925, CVE-2026-21932, CVE-2026-21933, CVE-2026-21945
    ▪ Corretto 11.0.30.7.1
      ▪ CRTO11-260121, QCRTOJDK11030
      ▪ Fixes 4 Vulnerabilities: CVE-2026-21925, CVE-2026-21932, CVE-2026-21933, CVE-2026-21945
    ▪ Corretto 8.482.08.1
      ▪ CRTO8-260121, QCRTOJDK8482 and QCRTOJRE8482
      ▪ Fixes 4 Vulnerabilities: CVE-2026-21925, CVE-2026-21932, CVE-2026-21933, CVE-2026-21945
  • 39.
    Windows Third Party CVE Information (cont)
    ▪ Java Development Kit 25 Update 25.2
      ▪ JDK25-251021, QJDK2502
      ▪ Fixes 4 Vulnerabilities: CVE-2026-21925, CVE-2026-21932, CVE-2026-21933, CVE-2026-21945
    ▪ Java Development Kit 21 Update 21.0.10
      ▪ JDK21-260119, QJDK21010
      ▪ Fixes 4 Vulnerabilities: CVE-2026-21925, CVE-2026-21932, CVE-2026-21933, CVE-2026-21945
    ▪ Java Development Kit 17 Update 17.0.18
      ▪ JDK11-260119, QJDK17018
      ▪ Fixes 4 Vulnerabilities: CVE-2026-21925, CVE-2026-21932, CVE-2026-21933, CVE-2026-21945
    ▪ Java Development Kit 11 Update 11.0.30
      ▪ JDK11-260121, QJDK11030
      ▪ Fixes 4 Vulnerabilities: CVE-2026-21925, CVE-2026-21932, CVE-2026-21933, CVE-2026-21945
  • 40.
    Windows Third Party CVE Information (cont)
    ▪ Node.JS 25.3.0 (Current)
      ▪ NOJSC-260121, QNODEJSC2530
      ▪ Fixes 6 Vulnerabilities: CVE-2025-55130, CVE-2025-55131, CVE-2025-55132, CVE-2025-59465, CVE-2025-59466, CVE-2026-21637
    ▪ Node.JS 24.13.0 (LTS Upper)
      ▪ NOJSLU-260120, QNODEJSLU24130
      ▪ Fixes 6 Vulnerabilities: CVE-2025-55130, CVE-2025-55131, CVE-2025-55132, CVE-2025-59465, CVE-2025-59466, CVE-2026-21637
    ▪ Node.JS 22.22.0 (LTS Upper)
      ▪ NOJSLU-260122, QNODEJSLU22220
      ▪ Fixes 6 Vulnerabilities: CVE-2025-55130, CVE-2025-55131, CVE-2025-55132, CVE-2025-59465, CVE-2025-59466, CVE-2026-21637
    ▪ Node.JS 20.20.0 (LTS Upper)
      ▪ NOJSLU-260121, QNODEJSLU20200
      ▪ Fixes 6 Vulnerabilities: CVE-2025-55130, CVE-2025-55131, CVE-2025-55132, CVE-2025-59465, CVE-2025-59466, CVE-2026-21637
  • 41.
    Windows Third Party CVE Information (cont)
    ▪ Firefox 147.0.2
      ▪ FF-260127, QFF14702
      ▪ Fixes 2 Vulnerabilities: CVE-2026-24868, CVE-2026-24869
    ▪ Thunderbird 147.0.1
      ▪ TB-260123, QTB14701
      ▪ Fixes 1 Vulnerability: CVE-2026-0818
    ▪ Thunderbird ESR 140.7.0
      ▪ TBE-260120, QTB14070
      ▪ Fixes 13 Vulnerabilities: CVE-2025-14327, CVE-2026-0877, CVE-2026-0878, CVE-2026-0879, CVE-2026-0880, CVE-2026-0882, CVE-2026-0883, CVE-2026-0884, CVE-2026-0885, CVE-2026-0886, CVE-2026-0887, CVE-2026-0890, CVE-2026-0891
    ▪ Thunderbird ESR 140.7.1
      ▪ TBE-260129, QTB14071
      ▪ Fixes 1 Vulnerability: CVE-2026-0818
  • 42.
    Apple Release Summary
    ▪ Security Updates (with CVEs): Google Chrome (3), Adobe InDesign (1), Microsoft Edge (3), Firefox (1), Thunderbird (1), Thunderbird ESR (1)
    ▪ Security Updates (w/o CVEs): Microsoft Office Word (1)
    ▪ Non-Security Updates: 1Password (1), Adobe Photoshop (2), Adobe Acrobat DC and Acrobat Reader DC (1), Amazon WorkSpaces (1), BetterTouchTool (5), Brave (4), Docker Desktop (5), draw.io (1), Evernote (3), Firefox (2), Figma (1), Google Drive (1), GIMP (1), Go (2), Grammarly (3), IntelliJ IDEA (1), iTerm2 (1), Krisp (1), LibreOffice (1), Obsidian (2), OneDrive (2), Opera (3), Microsoft Office OneNote (2), Microsoft Office Excel (3), Microsoft Office Outlook (3), Microsoft Office PowerPoint (2), Microsoft Office Word (3), pgAdmin (3), Spotify (2), Visme (1), Visual Studio Code (2), VSCodium (1), Webex Teams (1)
  • 43.
    Apple Third Party CVE Information
    ▪ Google Chrome 144.0.7559.97
      ▪ CHROMEMAC-260121
      ▪ Fixes 1 Vulnerability: CVE-2026-1220
    ▪ Google Chrome 144.0.7559.110
      ▪ CHROMEMAC-260127
      ▪ Fixes 1 Vulnerability: CVE-2026-1504
    ▪ Google Chrome 144.0.7559.133
      ▪ CHROMEMAC-260203
      ▪ Fixes 2 Vulnerabilities: CVE-2026-1861, CVE-2026-1862
    ▪ Adobe InDesign 2026 (21.2)
      ▪ IDSN2026MAC-260123
      ▪ Fixes 3 Vulnerabilities: CVE-2026-21332, CVE-2026-21357, CVE-2026-21358
  • 44.
    Apple Third Party CVE Information (cont)
    ▪ Microsoft Edge 144.0.3719.82
      ▪ MEDGEMAC-260119
      ▪ Fixes 13 Vulnerabilities: CVE-2026-0899, CVE-2026-0900, CVE-2026-0901, CVE-2026-0902, CVE-2026-0903, CVE-2026-0904, CVE-2026-0905, CVE-2026-0906, CVE-2026-0907, CVE-2026-0908, CVE-2026-21223, CVE-2026-1220
    ▪ Microsoft Edge 144.0.3719.115
      ▪ MEDGEMAC-260205
      ▪ Fixes 1 Vulnerability: CVE-2026-0391
  • 45.
    Apple Third Party CVE Information (cont)
    ▪ Firefox 147.0.2
      ▪ MFSA2026-06
      ▪ Fixes 2 Vulnerabilities: CVE-2026-24868, CVE-2026-24869
    ▪ Thunderbird 147.0.1
      ▪ MFSA2026-07
      ▪ Fixes 1 Vulnerability: CVE-2026-0818
    ▪ Thunderbird ESR 140.7.1
      ▪ TBE140-260128
      ▪ Fixes 1 Vulnerability: CVE-2026-0818
  • 46.
    Q & A
  • 47.
    Chris Goettl and Todd Schell
    Thank You!