{"id":305808,"date":"2026-01-27T08:07:09","date_gmt":"2026-01-27T08:07:09","guid":{"rendered":"https:\/\/www.europesays.com\/ie\/305808\/"},"modified":"2026-01-27T08:07:09","modified_gmt":"2026-01-27T08:07:09","slug":"microsoft-office-zero-day-cve-2026-21509-emergency-patch-issued-for-active-exploitation","status":"publish","type":"post","link":"https:\/\/www.europesays.com\/ie\/305808\/","title":{"rendered":"Microsoft Office Zero-Day (CVE-2026-21509) – Emergency Patch Issued for Active Exploitation"},"content":{"rendered":"

\ue804Ravie Lakshmanan\ue802Jan 27, 2026Zero-Day \/ Vulnerability<\/p>\n

\"\"<\/a><\/p>\n

Microsoft on Monday issued out-of-band security patches for a high-severity Microsoft Office zero-day vulnerability exploited in attacks.<\/p>\n

The vulnerability, tracked as CVE-2026-21509<\/strong>, carries a CVSS score of 7.8 out of 10.0. It has been described as a security feature bypass in Microsoft Office.<\/p>\n

“Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally,” the tech giant said<\/a> in an advisory.<\/p>\n

“This update addresses a vulnerability that bypasses OLE<\/a> mitigations in Microsoft 365 and Microsoft Office, which protect users from vulnerable COM\/OLE controls.”<\/p>\n

Successful exploitation of the flaw relies on an attacker sending a specially crafted Office file and convincing recipients to open it. It also noted that the Preview Pane is not an attack vector.<\/p>\n

\"Cybersecurity\"<\/a><\/p>\n

The Windows maker said customers running Office 2021 and later will be automatically protected via a service-side change<\/a>, but will be required to restart their Office applications for this to take effect. For those running Office 2016 and 2019, it’s required to install the following updates –<\/p>\n