Key Takeaways
1. Microsoft released a security update for a zero-day vulnerability (CVE-2026-21509) in Microsoft Office, which is actively being exploited.
2. The vulnerability lets attackers bypass Office security measures using specially crafted files; exploitation requires user interaction.
3. Office 2021 and later users receive automatic protection, while Office 2016 and 2019 users must install specific updates to be safeguarded.
4. The vulnerability is included in the Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities catalog, requiring U.S. federal agencies to update by February 16, 2026.
5. Recent Windows 11 updates have caused stability issues, complicating the update process for Microsoft systems.
Microsoft has rolled out a special security update to tackle a zero-day vulnerability that is actively being exploited in Microsoft Office. This comes at a time when the January 2026 update cycle is already facing challenges, including significant stability problems with Windows 11 systems.
Details on the Vulnerability
This vulnerability, tracked as CVE-2026-21509, is classified as a security feature bypass. According to the Microsoft Security Response Center, it stems from “dependence on untrusted input in a security choice within Microsoft Office.” If successfully exploited, it allows an attacker to bypass Office’s security measures, specifically those meant to protect against vulnerable COM and OLE controls.
Impact and Exploitation
Microsoft assigned this flaw a CVSS v3.1 score of 7.8 and confirmed that it is being exploited in the wild. Although the company has not shared technical details of the attacks, it noted that user interaction is required: attackers must persuade a victim to open a specially crafted Office file. Notably, the Preview Pane is not an attack vector.
Protection Measures
For users running Office 2021 and later, protection is applied automatically through a service-side change, but Office applications must be restarted for it to take effect. Users of Office 2016 and Office 2019 are not protected unless they install the latest security updates. Additionally, Microsoft has provided a registry-based mitigation that can be applied immediately on affected systems to block exploitation until the patch is installed.
The vulnerability has been listed in the Known Exploited Vulnerabilities catalog by the Cybersecurity and Infrastructure Security Agency. This catalog mandates that U.S. federal agencies must install the updates by February 16, 2026.
Ongoing Stability Issues
Earlier this month, the Windows 11 security update KB5074109 was associated with widespread stability problems and reports of UNMOUNTABLE_BOOT_VOLUME errors on certain systems, highlighting the delicate nature of recent updates for Windows and Office.