CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Mar 3, 2026
Description
Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally.
EPSS — Exploit Probability
Higher than 85.8% of all CVEs
Required Action
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21533 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21533
Related Articles (2)
Patch Tuesday, February 2026 Edition
Microsoft today released updates to fix more than 50 security holes in its Windows operating systems and other software, including patches for a whopping six "zero-day" vulnerabilities that attackers are already exploiting in the wild.
Feb 10, 2026
Microsoft March 2026 Patch Tuesday fixes 2 zero-days, 79 flaws
Today is Microsoft's March 2026 Patch Tuesday with security updates for 79 flaws, including 2 publicly disclosed zero-day vulnerabilities.
Mar 10, 2026
Risk Assessment
ELEVATEDDetails
- Severity
- High
- EPSS
- 2.7%
- CISA KEV
- Yes
- Ransomware
- Unknown
- Articles
- 2
Timeline
Published
Feb 10, 2026
Added to KEV
Feb 10, 2026
Remediation Due
Mar 3, 2026