Microsoft · Office Word · CVE-2026-21514
**Name of the Vulnerable Software and Affected Versions**
Microsoft Word versions prior to the February 2026 Patch Tuesday updates
**Description**
A critical security flaw in Microsoft Word allows an attacker to bypass security features locally by exploiting the application's reliance on untrusted inputs when making security decisions. The issue, categorized as CWE-807, specifically bypasses Object Linking and Embedding (OLE) mitigations, potentially enabling malicious COM/OLE controls to execute. The vulnerability is actively exploited in the wild, and successful exploitation requires a victim to open a specially crafted document. The flaw affects global and enterprise users of Microsoft Office. It abuses trust decisions in OLE activation, potentially involving how Word resolves embedded CLSIDs and validates OLE stream metadata within the Compound File Binary (CFB) container.
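For triage of documents collected during response, the following added example (not part of the advisory or of any Microsoft tooling) lists the CLSIDs recorded in the storage directory entries of a Compound File Binary, which is where the container keeps each embedded object's class identifier. The function names, the sample file and its CLSID are constructed for illustration; DIFAT chains beyond the header slots are not followed.

```python
import struct
import uuid
CFB_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")
ENDOFCHAIN, FREESECT, FATSECT = 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFD
NULL_CLSID = uuid.UUID(int=0)
SAMPLE_CLSID = uuid.UUID("11111111-2222-3333-4444-555555555555")  # constructed placeholder

def list_clsids(data):
    """Return (entry name, CLSID) for each root/storage directory entry with a non-null CLSID."""
    if data[:8] != CFB_MAGIC:
        raise ValueError("not a Compound File Binary")
    shift, = struct.unpack_from("<H", data, 30)
    if shift not in (9, 12):
        raise ValueError("unexpected sector shift")
    size = 1 << shift
    n_fat, dir_start = struct.unpack_from("<II", data, 44)
    def sector(n):
        chunk = data[(n + 1) * size:(n + 2) * size]
        if len(chunk) != size:
            raise ValueError("sector %d lies outside the file" % n)
        return chunk
    fat = []  # built from the 109 header DIFAT slots only
    for loc in struct.unpack_from("<109I", data, 76)[:n_fat]:
        fat += struct.unpack("<%dI" % (size // 4), sector(loc))
    found, seen, sec = [], set(), dir_start
    while sec != ENDOFCHAIN:
        if sec in seen or sec >= len(fat):  # loop or out-of-range link
            raise ValueError("corrupt directory chain")
        seen.add(sec)
        raw = sector(sec)
        for off in range(0, size, 128):  # directory entries are 128 bytes each
            name_len, obj_type = struct.unpack_from("<HB", raw, off + 64)
            clsid = uuid.UUID(bytes_le=raw[off + 80:off + 96])
            if obj_type in (1, 5) and clsid != NULL_CLSID:  # 1 = storage, 5 = root storage
                name = raw[off:off + max(min(name_len, 64) - 2, 0)].decode("utf-16-le", "replace")
                found.append((name, str(clsid)))
        sec = fat[sec]
    return found

def _entry(name, obj_type, clsid=NULL_CLSID):
    raw = (name + "\0").encode("utf-16-le")
    return (raw.ljust(64, b"\0") + struct.pack("<HBB3I", len(raw), obj_type, 1, *[FREESECT] * 3)
            + clsid.bytes_le + bytes(20) + struct.pack("<IQ", ENDOFCHAIN, 0))

def build_sample():  # constructed minimal CFB: header, one FAT sector, one directory sector
    hdr = CFB_MAGIC + bytes(16) + struct.pack("<5H6x9I109I", 0x3E, 3, 0xFFFE, 9, 6, 0, 1, 1, 0,
                                              4096, ENDOFCHAIN, 0, ENDOFCHAIN, 0, 0, *[FREESECT] * 108)
    fat = struct.pack("<128I", FATSECT, ENDOFCHAIN, *[FREESECT] * 126)
    return hdr + fat + _entry("Root Entry", 5) + _entry("_1", 1, SAMPLE_CLSID) + _entry("", 0) * 2
```

The returned CLSIDs can then be compared against an organization's own allow-list or block-list of COM classes; for `.docx` files, the same function applies to the `oleObject*.bin` parts extracted from the ZIP package.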
**Recommendations**
Apply the February 2026 Patch Tuesday updates to all affected systems.