Skip to main content
See every side of every news story
Get Started
SubscribeLogin
Published loading...Updated

Office Zero-Day Exploited, Forces Microsoft OOB Patch

Microsoft patched a high-severity Office zero-day exploited via low-complexity local attacks that bypass OLE mitigations, but updates for Office 2016 and 2019 are pending.

  • On Monday, Microsoft disclosed CVE-2026-21509 and released emergency out-of-band updates rolling out for Microsoft 365 Apps for Enterprise and multiple Microsoft Office LTSC and perpetual releases.
  • The flaw bypasses Object Linking and Embedding and COM mitigations, enabling attackers to exploit phishing-style, user-interaction attacks with circulating exploit code, Microsoft said.
  • Microsoft published Registry mitigation steps to create a COM Compatibility key and set a Compatibility Flags value to 400; Office 2021 and later get auto-protection after restart, but patches for Microsoft Office 2016 and 2019 are pending.
  • Close all Microsoft Office applications before editing the Windows Registry, back up the Registry to avoid system issues, and after performing the steps, the flaw is mitigated on next Office launch.
  • Earlier this month, as part of the January 2026 Patch Tuesday, Microsoft fixed 114 flaws including an actively exploited Desktop Window Manager zero-day, and last week it issued other out-of-band fixes while declining to name the vulnerability's discoverer.
Insights by Ground AI
Podcasts & Opinions

25 Articles

Tech RadarTech Radar
Center

Worrying Microsoft Office security flaw patched - update now or risk hackers accessing your files

Microsoft forced to issue an emergency patch to fix an Office zero-day being actively exploited.

·United Kingdom
Read Full Article
ZDNetZDNet
Center

Use Microsoft Office? Hackers can infect your PC with a malicious document - patch it ASAP

This emergency zero-day patch blocks attackers from slipping past built-in protections and compromising your system.

·United States
Read Full Article
www.t-online.dewww.t-online.de
Lean Left

Critical Vulnerability in Microsoft Office – Users Should Act Urgently

Microsoft warns against a critical vulnerability in Office. The gap is already actively exploited, users should act quickly.

Read Full Article
The RegisterThe Register
Center

Office zero-day exploited, forces Microsoft OOB patch

Updated: Another actively abused Office bug, another emergency patch – Office 2016 and 2019 users are left with registry tweaks instead of fixes.

Read Full Article
PC MagPC Mag
Lean Left

Emergency Patch Issued for Microsoft Office, 365 Over Hacking Threat

Microsoft suggests the threat is being used in phishing attacks against vulnerable systems since successful exploitation requires local access to the PC.

·United States
Read Full Article
BleepingComputerBleepingComputer
Center

Microsoft patches actively exploited Office zero-day vulnerability

Microsoft has released emergency security updates to patch a high-severity Office zero-day vulnerability exploited in attacks.

Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 67% of the sources are Center
67% Center

Factuality Info Icon

To view factuality data please Upgrade to Premium

Ownership

Info Icon

To view ownership data please Upgrade to Vantage

BleepingComputer broke the news in on Monday, January 26, 2026.
Too Big Arrow Icon
Sources are mostly out of (0)

Similar News Topics

Microsoft icon

Microsoft

Software icon

Software

Cyberattacks icon

Cyberattacks

Cybersecurity icon

Cybersecurity

News
Feed Dots Icon
For You
Search Icon
SearchBlindspot LogoBlindspotLocal