Microsoft Office Zero-Day (CVE-2026-21509) – Emergency Patch Issued for Active Exploitation

Posted on January 27, 2026 By CWS

Ravie Lakshmanan | Jan 27, 2026 | Zero-Day / Vulnerability
Microsoft on Monday issued out-of-band security patches for a high-severity Microsoft Office zero-day vulnerability exploited in attacks.
The vulnerability, tracked as CVE-2026-21509, carries a CVSS score of 7.8 out of 10.0. It has been described as a security feature bypass in Microsoft Office.
"Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally," the tech giant said in an advisory.
"This update addresses a vulnerability that bypasses OLE mitigations in Microsoft 365 and Microsoft Office, which protect users from vulnerable COM/OLE controls."
Successful exploitation of the flaw relies on an attacker sending a specially crafted Office file and convincing recipients to open it. It also noted that the Preview Pane is not an attack vector.

The Windows maker said customers running Office 2021 and later will be automatically protected via a service-side change, but will be required to restart their Office applications for this to take effect. For those running Office 2016 and 2019, it is required to install the following updates:

Microsoft Office 2019 (32-bit edition) – 16.0.10417.20095
Microsoft Office 2019 (64-bit edition) – 16.0.10417.20095
Microsoft Office 2016 (32-bit edition) – 16.0.5539.1001
Microsoft Office 2016 (64-bit edition) – 16.0.5539.1001

As mitigation, the company is urging that customers make a Windows Registry change by following the steps outlined below:

Take a backup of the Registry
Exit all Microsoft Office applications
Start the Registry Editor
Locate the proper registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\16.0\Common\COM Compatibility\ (for 64-bit MSI Office, or 32-bit MSI Office on 32-bit Windows)
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility\ (for 32-bit MSI Office on 64-bit Windows)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Office\16.0\Common\COM Compatibility\ (for 64-bit Click2Run Office, or 32-bit Click2Run Office on 32-bit Windows)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility\ (for 32-bit Click2Run Office on 64-bit Windows)

Add a new subkey named {EAB22AC3-30C1-11CF-A7EB-0000C05BAE0B} by right-clicking the COM Compatibility node and choosing Add Key.

Within that subkey, add a new value by right-clicking the new subkey and choosing New > DWORD (32-bit) Value
Add a REG_DWORD hexadecimal value called "Compatibility Flags" with a value of 400

Exit Registry Editor and start the Office application
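
The registry steps above can be audited or applied across machines with a script. The following PowerShell is an added example, not code from Microsoft or from the original article; the `-Apply` switch and the state labels are hypothetical names, and it assumes the Registry has been backed up, Office is closed, and the session is elevated. It acts only on COM Compatibility keys that already exist and reports the rest for manual review.

```powershell
# Added example: audit (default) or apply (-Apply) the COM Compatibility mitigation.
# Assumptions: elevated session, Registry backed up, all Office applications closed.
param([switch]$Apply)   # hypothetical switch; without it the script only reports

$Clsid = '{EAB22AC3-30C1-11CF-A7EB-0000C05BAE0B}'   # subkey name given in the article
$Flags = 0x400                                      # "Compatibility Flags" = hexadecimal 400

# The four candidate parent keys listed in the article
# (MSI and Click2Run installs, native and WOW6432Node views).
$Parents = @(
    'HKLM:\SOFTWARE\Microsoft\Office\16.0\Common\COM Compatibility',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility',
    'HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Office\16.0\Common\COM Compatibility',
    'HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility'
)

foreach ($parent in $Parents) {
    # Assumption: a parent key that is absent is left alone and flagged for review,
    # rather than created, so the script never writes under an Office variant it cannot see.
    if (-not (Test-Path -LiteralPath $parent)) {
        [pscustomobject]@{ Key = $parent; State = 'ParentNotFound' }
        continue
    }

    $key = Join-Path $parent $Clsid
    if ($Apply) {
        if (-not (Test-Path -LiteralPath $key)) {
            New-Item -Path $key -Force | Out-Null
        }
        New-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
            -PropertyType DWord -Value $Flags -Force | Out-Null
    }

    # Read the value back so the report reflects what is actually in the Registry.
    $current = (Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
        -ErrorAction SilentlyContinue).'Compatibility Flags'
    [pscustomobject]@{
        Key   = $key
        State = if ($current -eq $Flags) { 'Mitigated' } else { 'NotMitigated' }
    }
}
```

Running it without `-Apply` gives a per-key report that can be collected fleet-wide before any change is made; Office must be restarted after applying for the setting to take effect.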

Microsoft has not shared any details about the nature and the scope of attacks exploiting CVE-2026-21509. It credited the Microsoft Threat Intelligence Center (MSTIC), Microsoft Security Response Center (MSRC), and Office Product Group Security Team for discovering the issue.
The development has prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add the flaw to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the patches by February 16, 2026.
