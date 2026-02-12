Microsoft has issued a warning about critical security vulnerabilities in its Windows and Office software. The tech giant said these flaws are being actively exploited by hackers to gain unauthorized access to users' computers. The exploits are one-click attacks, meaning they require minimal user interaction for a hacker to plant malware or break into a victim's system.

Exploit details Hackers exploiting zero-day vulnerabilities The vulnerabilities are termed zero-days as they were exploited by hackers before Microsoft had a chance to patch them. At least two of these flaws can be exploited by deceiving a user into clicking on a malicious link on their Windows computer. Another one can be exploited when an Office file is opened.

Research contribution Google's threat intelligence group helped Microsoft identify bugs In its bug reports, Microsoft acknowledged the contributions of security researchers from Google's Threat Intelligence Group in discovering these vulnerabilities. One of the bugs, officially tracked as CVE-2026-21510, was found in the Windows shell that powers the operating system's user interface. The company said this bug affects all supported versions of Windows and lets hackers bypass Microsoft's SmartScreen feature by clicking on a malicious link from their computer.

Expert opinion One-click bug could be used to remotely plant malware Security expert Dustin Childs warned that the Windows shell bug could be abused to remotely plant malware on a victim's computer. "There is user interaction here, as the client needs to click a link or a shortcut file," Childs wrote in a blog post. "Still, a one-click bug to gain code execution is a rarity," he added.

