{"id":206980,"date":"2026-01-27T02:20:00","date_gmt":"2026-01-27T07:20:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/01\/27\/microsoft-office-zero-day-cve-2026-21509-emergency-patch-issued-for-active-exploitation\/"},"modified":"2026-01-27T09:25:07","modified_gmt":"2026-01-27T14:25:07","slug":"microsoft-office-zero-day-cve-2026-21509-emergency-patch-issued-for-active-exploitation","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/01\/27\/microsoft-office-zero-day-cve-2026-21509-emergency-patch-issued-for-active-exploitation\/","title":{"rendered":"Microsoft Office Zero-Day (CVE-2026-21509) – Emergency Patch Issued for Active Exploitation"},"content":{"rendered":"

Microsoft Office Zero-Day (CVE-2026-21509) – Emergency Patch Issued for Active Exploitation<\/a><\/p>\n

https:\/\/thehackernews.com\/2026\/01\/microsoft-issues-emergency-patch-for.html<\/a><\/p>\n

Publish Date: 2026-01-27 02:20:00<\/a><\/p>\n

Source Domain: thehackernews.com<\/a><\/p>\n

\ue804Ravie Lakshmanan<\/span>\ue802Jan 27, 2026<\/span><\/span>Zero-Day \/ Vulnerability<\/span><\/p>\n

Microsoft on Monday issued out-of-band security patches for a high-severity Microsoft Office zero-day vulnerability exploited in attacks.<\/p>\n

The vulnerability, tracked as CVE-2026-21509<\/strong>, carries a CVSS score of 7.8 out of 10.0. It has been described as a security feature bypass in Microsoft Office.<\/p>\n

“Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally,” the tech giant said in an advisory.<\/p>\n

“This update addresses a vulnerability that bypasses OLE mitigations in Microsoft 365 and Microsoft Office, which protect users from vulnerable COM\/OLE controls.”<\/p>\n

Successful exploitation of the flaw relies on an attacker sending a specially crafted Office file and convincing recipients to open it. It also noted that the Preview Pane is not an attack vector.<\/p>\n

\"Cybersecurity\"<\/p>\n

The Windows maker said customers running Office 2021 and later will be automatically protected via a service-side change, but will be required to restart their Office applications for this to take effect. For those running Office 2016 and 2019, it’s required to install the following updates –<\/p>\n