Look, we all know Microsoft loves a good “Patch Tuesday,” but apparently, they couldn’t wait until next week to ruin your weekend. It’s February 8, 2026, and Redmond just dropped a pile of “Out-of-Band” (OOB) emergency updates because they realized—shocker—that their January patches were about as stable as a house of cards in a hurricane.
The “OOB” Love Fest
If your Remote Desktop connections have been failing or your laptop refuses to hibernate (basically becoming a very expensive space heater in your backpack), you can thank Microsoft. These emergency patches are meant to fix the “credential prompt failures” introduced last month.
But the real kicker? CVE-2026-21509. This is a zero-day security bypass in Microsoft Office that’s currently being weaponized by state-sponsored actors (specifically APT28). It doesn’t even need macros to ruin your life—just opening a “weaponized” document is enough. If you’re still clicking “Open” on every invoice.docx that hits your inbox, you’re the reason we can’t have nice things.
NTLM: The Slow, Painful Death
Microsoft also just announced the official timeline for the phased disablement of NTLM. For those of you who aren’t tech-ancient, NTLM is a 1993-era authentication protocol that should have died with the Tamagotchi.
Starting today, Microsoft is pushing everyone toward Kerberos. Phase One is “Auditing,” which is corporate-speak for “We’re going to show you everything that’s about to break.” If your office still runs on a server from the Bush administration, congratulations: your network is officially a museum exhibit, and the hackers are the curators.
Stop being a “Legacy Hero.” You aren’t “saving money” by running unpatched 2016 Office versions; you’re just volunteer-hosting a playground for Russian botnets. Go to Windows Update, click the button, and pray your custom internal apps don’t implode. Or don’t, and enjoy your new career in “Manual Data Entry” once your server gets encrypted.
