Microsoft Releases Emergency Patch for Actively Exploited Office Zero-Day
Microsoft has issued out-of-band security updates to address a high-severity zero-day vulnerability (CVE-2026-21509) in Microsoft Office, which is being actively exploited in attacks. The flaw, classified as a security feature bypass, affects multiple versions, including Office 2016, 2019, LTSC 2021, LTSC 2024, and Microsoft 365 Apps for Enterprise.
While patches are available for most affected versions, updates for Office 2016 and 2019 remain pending, with Microsoft promising their release as soon as possible. The vulnerability can be exploited by local attackers through low-complexity attacks that require user interaction, specifically tricking a victim into opening a malicious Office file. The preview pane is not a viable attack vector.
The flaw bypasses OLE mitigations in Microsoft 365 and Office, which are designed to protect users from vulnerable COM/OLE controls. For unpatched systems, Microsoft has provided temporary mitigation steps involving registry edits to reduce exploitation risks. These measures include creating or modifying specific registry keys to enforce compatibility flags.
Microsoft has not disclosed details on the vulnerability’s discovery or its exploitation methods. The emergency update follows January 2026’s Patch Tuesday, which addressed 114 flaws, including another actively exploited zero-day in the Desktop Window Manager. Recent weeks have also seen additional out-of-band updates to resolve issues in Windows and Outlook caused by earlier patches.