Microsoft Rushes Emergency Patch for Office Zero-Day

By Dark Reading
Publication Date: 2026-01-27 20:07:00

Microsoft has rushed out an emergency patch for a security vulnerability in multiple versions of Microsoft Office and Microsoft 365 that attackers are actively exploiting. The zero-day bug, designated as CVE-2026-21509 (CVSS 7.8), allows attackers to bypass security controls in Microsoft 365 and Office that protect against unsafe COM/OLE behavior, and execute arbitrary code on affected systems.

CISA Adds Bug to KEV

The US Cybersecurity and Infrastructure Security Agency (CISA) has added the bug to its known exploited vulnerabilities (KEV) catalog and given federal executive civilian branch agencies until Feb. 16 to patch the issue or discontinue use of affected products until patched. To exploit the vulnerability, an attacker would either need to already have access to a system or send a malicious Office file to a user and convince them to open it. Unlike numerous previous Office vulnerabilities, merely viewing a malicious Office file in the Preview Pane will not trigger…