Microsoft Patches Office Zero-Day Likely Exploited in Targeted Attacks

Posted on By CWS

Microsoft has launched patches for CVE-2026-21509, a newly disclosed Workplace zero-day vulnerability that may be exploited to bypass security measures.

The tech large’s advisory for CVE-2026-21509 mentions that it’s conscious of lively exploitation. 

The vulnerability and the in-the-wild assaults had been found by Microsoft’s personal safety researchers, however the firm has but to share any data on the malicious exercise.

In line with Microsoft’s description of the zero-day, “Reliance on untrusted inputs in a safety resolution in Microsoft Workplace permits an unauthorized attacker to bypass a safety function domestically.”

The corporate additionally clarified that the vulnerability “bypasses OLE mitigations in Microsoft 365 and Microsoft Workplace which shield customers from susceptible COM/OLE controls”.

Exploitation requires the attacker to persuade the focused person to open a malicious Workplace file. Commercial. Scroll to proceed studying.

The requirement for social engineering, mixed with the exploit’s complexity and the potential want for a multi-stage assault chain, signifies that this zero-day is getting used for focused espionage or different high-value operations relatively than broad, opportunistic campaigns.

SecurityWeek has reached out to Microsoft for extra data and can replace this text if the corporate responds.

Microsoft has launched patches for all affected variations of Workplace, together with 2016, 2019, LTSC 2024, LTSC 2021, and Microsoft 365 Apps for Enterprise.

Mitigations are additionally obtainable for customers who can’t instantly replace their Workplace installations. 

The cybersecurity company CISA has added CVE-2026-21509 to its Recognized Exploited Vulnerabilities (KEV) catalog, instructing authorities organizations to deal with it by February 16.

Microsoft’s January 2026 Patch Tuesday updates resolved greater than 110 vulnerabilities, together with a Home windows zero-day whose exploitation was found by the seller’s personal researchers. No data has been shared on these assaults both. 

Associated: Microsoft Patches 57 Vulnerabilities, Three Zero-Days

Associated: RedVDS Cybercrime Service Disrupted by Microsoft and Legislation Enforcement

Associated: New ‘Reprompt’ Assault Silently Siphons Microsoft Copilot Information

Security Week News Tags:, , , , , ,

Related Posts

F5 Blames Nation-State Hackers for Theft of Source Code and Vulnerability Data Security Week News
Exploits, Technical Details Released for CitrixBleed2 Vulnerability Security Week News
Mondoo Raises $17.5 Million for Vulnerability Management Platform Security Week News
Spyware Maker NSO Ordered to Pay $167 Million Over WhatsApp Hack Security Week News
CISA Warns AMI BMC Vulnerability Exploited in the Wild Security Week News
Vulnerabilities Patched by Juniper, VMware and Zoom  Security Week News