AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

🔥 This vulnerability is being actively exploited in the wild (CISA Known Exploited Vulnerabilities catalog)

CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability

infovulnerability🔥 Actively Exploited

security

Source: CISA Known Exploited VulnerabilitiesFebruary 9, 2026CVE-2026-21533

Summary

Microsoft Windows Remote Desktop Services (a tool that lets users connect to computers remotely) has a privilege escalation vulnerability (a bug that lets an authorized user gain higher-level access than they should have) that could let an attacker who already has some access to the system gain even more control. This vulnerability is currently being actively exploited by attackers.

Solution / Mitigation

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. For specific patches or updates, consult https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21533.

Vulnerability Details

EPSS (30-day exploit probability)

EPSS: 2.7%

Exploit Maturity

🔥 Actively Exploited

Classification

Attack SophisticationModerate

Taxonomy References

CWE (Weakness Type)

CWE-269

CAPEC (Attack Pattern)

CAPEC-122

Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-21533

First tracked: February 12, 2026 at 02:20 PM

Classified by LLM (prompt v3) · confidence: 95%