{"id":207013,"date":"2026-01-27T05:35:00","date_gmt":"2026-01-27T10:35:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/01\/27\/office-zero-day-exploited-forces-microsoft-oob-patch-the-register\/"},"modified":"2026-01-27T10:50:13","modified_gmt":"2026-01-27T15:50:13","slug":"office-zero-day-exploited-forces-microsoft-oob-patch-the-register","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/01\/27\/office-zero-day-exploited-forces-microsoft-oob-patch-the-register\/","title":{"rendered":"Office zero-day exploited, forces Microsoft OOB patch \u2022 The Register"},"content":{"rendered":"<p><a href=\"https:\/\/www.theregister.com\/2026\/01\/27\/office_zeroday_exploited_in_the\/\">Office zero-day exploited, forces Microsoft OOB patch \u2022 The Register<\/a><\/p>\n<p><a href=\"https:\/\/www.theregister.com\/2026\/01\/27\/office_zeroday_exploited_in_the\/\">https:\/\/www.theregister.com\/2026\/01\/27\/office_zeroday_exploited_in_the\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-01-27 05:35:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.theregister.com\">www.theregister.com<\/a><\/p>\n<p>Microsoft has issued an emergency Office patch after confirming a zero-day flaw is already being used in real world attacks.<\/p>\n<p>The flaw, tracked as CVE-2026-21509, and slapped with a CVSS score of 7.8, falls into Microsoft&#8217;s &#8220;security feature bypass&#8221; bucket. In practice, this means attackers can dodge protections that are supposed to stop unsafe legacy components from running. Those components include COM and OLE \u2013 old Windows plumbing that&#8217;s been at the heart of document-based attacks for years and clearly hasn&#8217;t earned its retirement yet.<\/p>\n<h2 title=\"Some machines are failing to start after security updates, prompting yet another Microsoft investigation\">Microsoft probes Windows 11 boot failures tied to January security updates<\/h2>\n<p><span>READ MORE<\/span><\/p>\n<p>According to Microsoft, exploitation doesn&#8217;t hinge on the Office preview pane \u2013 often a red flag in past campaigns \u2013 but still requires little effort once a victim is persuaded to open a booby-trapped file. In its advisory, the company describes the issue as a case of &#8220;reliance on untrusted inputs in a security decision,&#8221; a polite way of saying Office can be talked into doing things it shouldn&#8217;t.<\/p>\n<p>&#8220;Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally,&#8221; Microsoft said. &#8220;An attacker must send a user a malicious Office file and convince them to open it.&#8221;<\/p>\n<p>The flaw hits most current Office builds, from Office 2016 and 2019 through to the LTSC releases and Microsoft 365 Apps for Enterprise. Updates are out for newer versions, but anyone still running Office 2016 or 2019 is stuck waiting. Microsoft says fixes for those editions aren&#8217;t ready yet and will ship &#8220;as soon as possible.&#8221;<\/p>\n<p>In the meantime, Redmond is pointing affected customers toward mitigation steps that it says can reduce exploitation risk. Those involve manually blocking vulnerable COM and OLE controls via the Windows registry by adding a specific COM Compatibility key and setting a Compatibility Flags DWORD value. It&#8217;s the sort of workaround that many organizations will struggle to deploy&#8230;<\/p>\n<p><a href=\"https:\/\/www.theregister.com\/2026\/01\/27\/office_zeroday_exploited_in_the\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Office zero-day exploited, forces Microsoft OOB patch \u2022 The Register https:\/\/www.theregister.com\/2026\/01\/27\/office_zeroday_exploited_in_the\/ Publish Date: 2026-01-27 05:35:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":207014,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/regmedia.co.uk\/2024\/01\/16\/bug_shutterstock.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[],"class_list":["post-207013","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/207013"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=207013"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/207013\/revisions"}],"predecessor-version":[{"id":207015,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/207013\/revisions\/207015"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/207014"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=207013"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=207013"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=207013"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}