
Microsoft Patches Office Zero-Day Likely Exploited in Targeted Attacks

The vulnerability is tracked as CVE-2026-21509 and it can be exploited to bypass security features. The post Microsoft Patches Office Zero-Day Likely Exploited in Targeted Attacks appeared first on SecurityWeek.


Microsoft has released patches for CVE-2026-21509, a newly disclosed Office zero-day vulnerability that can be exploited to bypass security features.

The tech giant’s advisory for CVE-2026-21509 mentions that it’s aware of active exploitation. 

The vulnerability and the in-the-wild attacks were discovered by Microsoft’s own security researchers, but the company has yet to share any information on the malicious activity.

According to Microsoft’s description of the zero-day, “Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.”

The company also clarified that the vulnerability “bypasses OLE mitigations in Microsoft 365 and Microsoft Office which protect users from vulnerable COM/OLE controls”.

Exploitation requires the attacker to convince the targeted user to open a malicious Office file. 

The requirement for social engineering, combined with the exploit’s complexity and the potential need for a multi-stage attack chain, indicates that this zero-day is being used for targeted espionage or other high-value operations rather than broad, opportunistic campaigns.

SecurityWeek has reached out to Microsoft for additional information and will update this article if the company responds.

Microsoft has released patches for all affected versions of Office, including 2016, 2019, LTSC 2024, LTSC 2021, and Microsoft 365 Apps for Enterprise.

Mitigations are also available for users who cannot immediately update their Office installations. 

The cybersecurity agency CISA has added CVE-2026-21509 to its Known Exploited Vulnerabilities (KEV) catalog, instructing government organizations to address it by February 16.

Microsoft’s January 2026 Patch Tuesday updates resolved more than 110 vulnerabilities, including a Windows zero-day whose exploitation was discovered by the vendor’s own researchers. No information has been shared on those attacks either. 

UPDATE: Microsoft has provided the following statement to SecurityWeek, but it did not share any information on the attacks:

“We recommend impacted customers follow the guidance on our CVE page. Additionally, Microsoft Defender has detections in place to block exploitation, and our default Protected View setting provides an extra layer of protection by blocking malicious files from the Internet. As a security best practice, we encourage users to exercise caution when downloading and enabling editing on files from unknown sources as indicated in security warnings.”
