Patch Tuesday · February 2026

February 2026 Patch Tuesday: what UK businesses need to know.

February 2026 was numerically smaller than usual, but included two vulnerabilities reported as actively exploited in the wild. Volume is not the right measure for prioritisation.

Executive summary

A lighter month — but two zero-days demand immediate action.

February 2026 was numerically smaller than usual, but included two vulnerabilities reported as actively exploited in the wild. Volume is not the right measure for prioritisation.

  • Risk theme: Actively exploited zero-days
  • Risk theme: Windows Common Log File System EoP
  • Risk theme: SharePoint Server RCE
  • Risk theme: .NET deserialisation flaw
Vulnerabilities remediated

The issues that move the needle this month.

We have focused on the categories with realistic exploitation paths for UK SMEs and regulated firms. Always cross-check with Microsoft's Security Update Guide and your own asset inventory before deployment.

Windows CLFS elevation of privilege (exploited)

A familiar component — the Common Log File System — once again the target of in-the-wild exploitation. Used for privilege escalation as part of ransomware tradecraft.

Windows kernel information disclosure (exploited)

Allows an attacker to read sensitive memory regions, easing exploitation chains.

SharePoint Server RCE

An authenticated attacker could execute code on an on-premises SharePoint server — particularly relevant for legal and professional services firms with internal portals.

.NET deserialisation

A flaw in a deserialisation path affecting custom .NET applications. Worth a conversation with internal development teams.

Affected systems

Where the risk lives.

  • All supported Windows client and server versions
  • SharePoint Server (Subscription Edition and earlier supported)
  • .NET runtime
Known deployment issues

What to watch for when rolling out.

  • SharePoint update required a configuration wizard run before sites came back online.
  • A small number of custom .NET apps needed re-compilation after the runtime change.
Pros of deploying
  • Patches two vulnerabilities already weaponised in the wild — non-negotiable.
  • Lower overall volume means a manageable testing window.
Cons / trade-offs
  • SharePoint maintenance carries downtime risk for collaboration-heavy teams.
  • .NET runtime change can surface latent bugs in bespoke applications.
Hints & tips for a successful deployment

How experienced teams roll these out without drama.

  • Treat the exploited CVEs as a same-week deployment, not a same-month one.
  • Coordinate SharePoint maintenance with the business — communicate in advance.
  • Run the SharePoint Products Configuration Wizard on every server in the farm.
How Secure Chain helps

Advice, guidance, or full remediation — your call.

Whether you want a second pair of eyes on this month's release or you would rather hand the entire patching cycle to us, Secure Chain Technology Group can support at any level of involvement.

  • Advisory: a prioritised briefing mapped to your estate and risk appetite, with recommended rollout rings.
  • Guided deployment: we work alongside your IT team — test plans, rollback procedures and change-management evidence.
  • Fully managed remediation: we deploy, validate and report on every patch through our Vulnerability Management-as-a-Service (VMaaS) and Patch Management services.
  • Compliance evidence: reporting aligned to Cyber Essentials Plus, ISO 27001 and DSPT requirements.
Sample report
Request a sample vulnerability report
Assessment
Book a cyber security assessment
← All Patch Tuesday briefings

Always verify against the official Microsoft Security Update Guide and your own asset inventory before deployment.