Microsoft patched a critical zero-day vulnerability, CVE-2026-21513 (CVSS 8.8), in its February security update after confirming active exploitation targeting the MSHTML component. The flaw resided in ieframe.dll, allowing attackers to bypass the Mark-of-the-Web protection and Internet Explorer Enhanced Security Configuration, potentially leading to arbitrary code execution. Cybersecurity firm Akamai traced a malicious LNK file exploiting this issue to infrastructure linked with the Russian state-sponsored group APT28. Despite Internet Explorer's retirement, remnants like MSHTML continue to pose risks in legacy code paths. Organizations are urged to apply the patch immediately and monitor for related indicators of compromise.