Windows Shell 0-Day Flaw Bypasses Security Feature
With its recent Patch Tuesday updates, Microsoft addressed a critical zero-day vulnerability in Windows Shell that is actively exploited in the wild. Tracked as CVE-2026-21510, this security flaw...
With its recent Patch Tuesday updates, Microsoft addressed a critical zero-day vulnerability in Windows Shell that is actively exploited in the wild.
Tracked as CVE-2026-21510, this security flaw allows remote attackers to bypass essential protection mechanisms, putting millions of Windows users at risk.
The vulnerability is classified as a “Security Feature Bypass” with a CVSS score of 8.8 (Important). It resides in how Windows Shell handles certain file types.
Normally, Windows uses features like SmartScreen and user prompts to warn you before running potentially dangerous files from the internet, a concept known as the “Mark of the Web.”
By exploiting CVE-2026-21510, attackers can create specially crafted files (such as malicious shortcuts or links) that evade these checks entirely.
If a user is tricked into clicking such a link, the attacker’s malicious code can execute immediately without any warning dialogs or consent prompts appearing on the screen.
This effectively bypasses the “authentication” step, where the user approves the execution of untrusted software.
The flaw affects a vast range of Microsoft products, spanning both modern and older systems. According to the release data, the vulnerable versions include:
| Product Family | Affected Versions |
|---|---|
| Windows 10 | Versions 1607, 1809, 21H2, 22H2 |
| Windows 11 | Versions 23H2, 24H2, 25H2, 26H1 |
| Windows Server | 2012, 2012 R2, 2016, 2019, 2022, 2025 |
Microsoft has confirmed that this vulnerability allows attackers to run unauthorized content as if it were trusted.
Because this vulnerability is actively exploited (a 0-day), administrators and users must patch their systems immediately.
Update Now: Go to Settings > Windows Update and check for updates released on February 10, 2026.
Watch for Links: Be extra cautious when clicking links or opening shortcut files from unknown sources, even if they appear harmless, until the patch is applied.
The discovery of this flaw was credited to researchers from the Microsoft Threat Intelligence Center (MSTIC) and the Google Threat Intelligence Group, highlighting the severity and cross-industry attention this issue has received.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.
No Comment! Be the first one.