February 2026 Patch Tuesday: Six Actively Exploited Flaws — DWM Strikes Twice
Summary
Host Graham Falkner breaks down Microsoft’s February 2026 Patch Tuesday: more than 50 vulnerabilities across Windows and Microsoft 365, including six that were actively exploited before patches arrived. This episode explains which flaws matter, who’s affected, and the practical steps businesses should take immediately.
Coverage includes the six confirmed actively exploited vulnerabilities (triple January’s count): three security‑feature bypasses that remove user protections (including a Word document bypass that is not triggered by Outlook preview), Desktop Window Manager (DWM) flaws that allow privilege escalation — and are being exploited for a second month — a Remote Desktop Services elevation issue found by CrowdStrike, and a Remote Access Connection Manager VPN crash vulnerability with a ready‑made exploit tool in criminal circulation. CISA has added all six to its known exploited list, with federal agencies required to patch by March 3.
The episode also highlights developer‑focused risks: three serious GitHub Copilot flaws that let hidden malicious instructions run commands on a developer’s machine, and a 9.8‑severity flaw in Microsoft’s Azure Cloud Tools for Python. Falkner explains why developers are high‑value targets and why organizations that build or buy software must prioritize these fixes.
Other major items: January’s three out‑of‑band patches rolled into February’s cumulative update; Microsoft’s upcoming certificate updates, with certificates beginning to expire from June (important for old or rarely‑connected hardware); SAP’s 26 security notes, including a 9.9 remote‑command vulnerability and multiple high‑risk issues that can impact supply chains; Adobe’s 40+ fixes (27 critical); and updates from BeyondTrust, Ivanti, Cisco, Fortinet and others. Note: Google’s Android bulletin for February reported no security fixes.
Special callouts: an Outlook vulnerability that can capture credentials just by previewing a crafted email in the reading pane (apply all related Outlook patches), and Microsoft’s gradual retirement of NTLM which may break legacy business apps unless you plan ahead.
Actionable priorities and patch playbook: First wave (within 24 hours) — apply all six actively exploited fixes, the Azure Python tool patch for developer teams, and all Outlook fixes. Second wave (within 72 hours) — SAP (if you run it), Exchange Server, GitHub Copilot mitigations for developer teams, BeyondTrust remote‑support fixes. Third wave (within one week) — remaining SAP and Adobe updates, Cisco, Fortinet, and other important but not‑yet‑exploited updates. Falkner stresses verifying deployment, testing remote desktop and Office workflows, and building patch management into incident response playbooks.
Who should listen: IT managers, small business owners, developers, MSPs, and security teams responsible for patching and remote access. The episode gives clear, prioritized guidance to reduce exposure quickly and recommends sharing the full CVE tables and patch tiers with your IT team or managed service provider.
Find the blog post here: https://noelbradford.squarespace.com/blog/patch-tuesday-february-2026-six-zero-days-uk-smb-guide-2026