Microsoft Patch Tuesday preview reveals 12 critical vulnerabilities including a wormable RCE in Windows Server. Adobe and Oracle also preparing major security updates. Zero-day in Microsoft Exchange being held for coordinated disclosure. Organizations should prepare for intensive patching next week.
⚡ Bottom line: Clear your schedules for Feb 10-11 — this will be a heavy patching week.
🔴
Critical Preview
CVE-2026-21845 — Windows Server Wormable RCE
Why It Matters
Microsoft has pre-announced a critical wormable vulnerability in Windows Server's SMB implementation affecting all versions from 2016 to 2025. Similar to EternalBlue, this flaw allows unauthenticated remote code execution with potential for self-propagating malware.
Impact
Description
Wormable
No user interaction required for propagation
Network-Wide
Can spread to all vulnerable Windows Servers
Pre-Auth RCE
Full SYSTEM access without credentials
Ransomware Risk
Perfect delivery mechanism for ransomware
Action Items
Inventory all Windows Server systems immediately
Prepare emergency patching plan for Feb 10 Patch Tuesday
Ensure SMB (445/TCP) is not exposed to internet
Enable Windows Firewall rules to restrict SMB access
Pre-stage WSUS/SCCM for rapid deployment
📧
Embargoed
Microsoft Exchange Zero-Day
Why It Matters
Security researchers have notified Microsoft of an actively exploited zero-day in Exchange Server 2019. Details embargoed until patch release, but indicators suggest it's being used by nation-state actors for email exfiltration. Patch expected Tuesday.
Action Items
Enable enhanced Exchange logging immediately
Monitor for unusual OWA/ECP access patterns
Review Exchange server outbound connections
Prepare Exchange maintenance window for Tuesday
Consider temporary WAF rules for Exchange endpoints
🎨
Upcoming
Adobe Creative Cloud Critical Updates Coming
Why It Matters
Adobe pre-announced 8 critical vulnerabilities across Photoshop, Illustrator, InDesign, and Acrobat. Several allow arbitrary code execution via malicious files, a common vector for targeted attacks.
Action Items
Inventory Adobe Creative Cloud installations
Enable automatic updates where possible
Warn users about opening files from untrusted sources
Prepare deployment plan for Tuesday's updates
☕
Upcoming
Oracle Critical Patch Update Preview
Why It Matters
Oracle's quarterly CPU will address 47 critical vulnerabilities across Java, WebLogic, MySQL, and Oracle Database. WebLogic vulnerabilities are historically targeted within 24-48 hours of patch release.
Action Items
Identify all Oracle products in environment
Prioritize WebLogic and externally-facing Oracle systems
Test patches in staging environment Monday
Schedule maintenance windows for Oracle systems
🌐
Expected
Firefox and Chrome Security Updates
Why It Matters
Both Mozilla and Google are expected to release security updates addressing multiple high-severity vulnerabilities in their browsers. V8 JavaScript engine vulnerabilities in Chrome are particularly concerning.
Action Items
Enable automatic browser updates
Verify browser update policies via MDM/GPO
Plan enterprise browser update deployment
Monitor for exploitation of disclosed vulnerabilities
Pre-Patch Tuesday Preparation
Inventory Tasks
Complete inventory of Windows Servers (SMB exposure)
Inventory Exchange Server deployments
List Adobe Creative Cloud installations
Identify Oracle products (WebLogic priority)
Document Cisco IOS XE devices
Preparation Tasks
Schedule maintenance windows for Feb 10-11
Pre-stage WSUS/SCCM for rapid deployment
Prepare rollback procedures
Alert IT teams for extended patching support
Test patch deployment in staging environment
Enable enhanced logging on critical systems
Verify backup integrity before patching
Run a KENSAI scan now to identify vulnerable systems before Patch Tuesday