February 2026 Patch Tuesday forecast: Lots of OOB love this month

Valentine’s Day is just around the corner, and Microsoft has been giving us a lot of love with a non-stop supply of patches starting with January 2026 Patch Tuesday. The January releases addressed 92 vulnerabilities in Windows 11 and Server 2025, as well as 79 vulnerabilities for Windows 10 and its associated servers. We also saw updates for legacy 2016 versions of Microsoft Office and even a SQL Server update. But these patches came with some problems, and updates to address the reported issues followed not long thereafter.


Microsoft to roll up multiple OOB fixes for Windows and Office issues

The Microsoft releases coming up this Patch Tuesday will include three rounds of out-of-band (OOB) patches from January. The first set, released January 17th, addressed two issues introduced with the January 2026 Patch Tuesday updates. The first issue involved credential prompt failures when attempting remote desktop or remote appliance connections.

The second issue involved the failure of some devices to shut down or enter hibernation mode. The remote connection issue impacted all supported operating systems, including Windows 10 and 11, as well as Windows Server 2019, 2022, and 2025. The shutdown and hibernation issue was limited to Windows 11 23H2.

The second OOB patch came on January 24th, one Saturday after the first set. This one literally hit ‘close to home’ for me as it blocked my personal mail. It addressed another issue introduced in the January Patch Tuesday updates: Microsoft Outlook Classic would experience problems when reading or writing to the .pst mail file if the file uses cloud-based storage like OneDrive. These OOB patches applied to all the supported operating systems I listed previously for the remote connection issue.

And finally, the third OOB patch, released on January 26th, addressed a security vulnerability in Microsoft Office. Microsoft addressed zero-day vulnerability CVE-2026-21509, a security bypass vulnerability, which impacts multiple versions of Office including Microsoft 365 Apps for Enterprise. The current exploit requires a user to open a malicious Office file, which then provides unauthorized access to the system. All of these OOB fixes will be included in the February preview as well as the security releases on Patch Tuesday.

Microsoft plans phased NTLM disablement

Microsoft released its plan for the phased disablement of New Technology LAN Manager (NTLM) in the latest operating systems, starting now in 2026 and continuing beyond. The NTLM authentication protocol was introduced back in 1993 and has since been superseded by Kerberos, which is far more secure. However, NTLM has remained the fallback when Kerberos is unavailable, despite being deprecated and relying on weak algorithms.

Phase one is all about identifying where NTLM may still be running and replacing it where you can. Starting now, Microsoft recommends using the advanced NTLM auditing already available in Server 2025 and in Windows 11 24H2 and newer. Phase two begins with major OS updates coming later this year. They will address the ‘pain points’ or blockers by removing the cases where Kerberos reverts back to NTLM.

And finally, in Phase three, which is determined by the next major Server update, NTLM will be disabled by default. The code will still be there, but you will need to explicitly re-enable it if absolutely needed. This three-phase approach will happen quickly, so plan appropriately to replace NTLM in your environment and take a giant security step forward.
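One way to start the phase-one inventory, as an added example that is not from the article or from Microsoft: it tallies NTLM logons per account and client from Security-log logon events (ID 4624) and lists NTLMv1 callers first. Using event 4624 instead of the newer enhanced NTLM audit log is an assumption made here so the script also works on older servers; the function name `Get-NtlmLogonSummary` and the sample events are constructed for illustration.

```powershell
# Constructed sample: three Security-log 4624 (logon) events, trimmed to the
# fields read below. Accounts, host names and addresses are made up.
$SampleEvents = @(
    '<Event><EventData><Data Name="TargetUserName">svc-backup</Data>
      <Data Name="AuthenticationPackageName">NTLM</Data>
      <Data Name="LmPackageName">NTLM V1</Data>
      <Data Name="WorkstationName">NAS01</Data>
      <Data Name="IpAddress">10.0.5.20</Data></EventData></Event>',
    '<Event><EventData><Data Name="TargetUserName">jdoe</Data>
      <Data Name="AuthenticationPackageName">NTLM</Data>
      <Data Name="LmPackageName">NTLM V2</Data>
      <Data Name="WorkstationName">WS-114</Data>
      <Data Name="IpAddress">10.0.7.31</Data></EventData></Event>',
    '<Event><EventData><Data Name="TargetUserName">jdoe</Data>
      <Data Name="AuthenticationPackageName">Kerberos</Data>
      <Data Name="LmPackageName">-</Data>
      <Data Name="WorkstationName">-</Data>
      <Data Name="IpAddress">10.0.7.31</Data></EventData></Event>'
)

function Get-NtlmLogonSummary {
    param([Parameter(Mandatory)][string[]]$EventXml)
    $rows = foreach ($raw in $EventXml) {
        # Flatten <Data Name="x">value</Data> pairs into a lookup table.
        $f = @{}
        foreach ($d in ([xml]$raw).Event.EventData.Data) { $f[$d.Name] = $d.'#text' }
        if ($f['AuthenticationPackageName'] -ne 'NTLM') { continue }  # skip Kerberos etc.
        [pscustomobject]@{
            Account = $f['TargetUserName']; Client  = $f['WorkstationName']
            Address = $f['IpAddress'];      Version = $f['LmPackageName']
        }
    }
    if (-not $rows) { return }
    # One row per account/client/address/version; NTLM V1 sorts ahead of V2.
    $rows | Group-Object Account, Client, Address, Version | ForEach-Object {
        $first = $_.Group[0]
        [pscustomobject]@{ Logons = $_.Count; Version = $first.Version; Account = $first.Account
                           Client = $first.Client; Address = $first.Address }
    } | Sort-Object Version, @{ Expression = 'Logons'; Descending = $true }
}

Get-NtlmLogonSummary -EventXml $SampleEvents | Format-Table -AutoSize

# Live use, from an elevated prompt on the server being audited:
#   $xml = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624 } -MaxEvents 5000 |
#          ForEach-Object { $_.ToXml() }
#   Get-NtlmLogonSummary -EventXml $xml
```

Each row names a client and account that would break once NTLM is off by default, which gives a concrete list to migrate to Kerberos before phase three.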

Active exploits reported in WinRAR and Notepad++

Before moving on to the forecast, I’d like to point out the exploitation of two widely used applications reported in the news this month. The Google Threat Intelligence Group provided an extensive analysis of CVE-2025-8088, a path traversal vulnerability, which allows remote code execution in WinRAR. This popular archival program has become a favorite target of numerous threat actors to perform espionage and achieve financial gain.

The second program, Notepad++, reported a security exposure on its blog, specifically: “the attack involved infrastructure-level compromise that allowed malicious actors to intercept and redirect update traffic destined for notepad-plus-plus.org.” The latest security updates from both these vendors resolve these issues, but you may want to spend a little extra time reviewing your security posture to ensure there is no sign of compromise.

February 2026 Patch Tuesday forecast

  • We already know some of the performance and security updates we should see this month based on the OOB releases so far. Expect the usual OS and Microsoft Office updates (more 2016 legacy updates?) and perhaps a .NET framework update as well.
  • Adobe has been rotating the Creative Cloud Apps updates monthly. We may see updates for After Effects, Animate, Audition, Photoshop, and Premiere, if the trend continues.
  • Apple is overdue for a major set of OS and Safari updates, the last coming in December, so watch for those soon.
  • Several beta releases for Google Chrome 145 were released this week, so the GA versions should be coming Patch Tuesday.
  • Mozilla released Firefox 147.0.2, Thunderbird 147.0.1, and Thunderbird ESR 140.7.1 on January 27th. Since these are all minor releases, I anticipate the 148 version coming next week for their suite of apps.

February 2026 Patch Tuesday is the 10th this year, so let’s roll out the updates by the end of the week and plan a nice Valentine’s Day dinner for the weekend. Let’s just hope the patches are stable and we don’t get another OOB love fest from Microsoft anytime soon.
