• Worrying Microsoft Office security flaw patched - update now or r

    From TechnologyDaily@1337:1/100 to All on Tuesday, January 27, 2026 17:30:08
    Worrying Microsoft Office security flaw patched - update now or risk hackers accessing your files

    Date:
    Tue, 27 Jan 2026 17:20:00 +0000

    Description:
    Microsoft forced to issue an emergency patch to fix an Office zero-day being actively exploited.

    FULL STORY
    ======================================================================

    Microsoft issues emergency patch for Office zero-day CVE-2026-21509

    Vulnerability allows attackers to bypass OLE mitigations and execute malware

    CISA adds flaw to KEV catalog; exploitation details remain undisclosed

    Microsoft has issued an emergency patch to fix a high-severity Office vulnerability that is being exploited in the wild as a zero-day.

    The bug is described as a security bypass flaw: "Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally," the National Vulnerability Database (NVD) explains.

    In other words, Office was making security decisions based on information it shouldn't fully trust, and that was exploited by cybercriminals to execute malware, steal login credentials, and move laterally through the network.

    How to patch and work around the bug

    The vulnerability is reportedly being actively exploited in the wild, and the US Cybersecurity and Infrastructure Security Agency (CISA) has already added it to its Known Exploited Vulnerabilities (KEV) catalog.

    However, Microsoft did not say who the threat actors are, or who the victims were. We also don't know the scope of the campaign, or whether it has already resulted in meaningful data theft or possibly ransomware attacks.

    The bug is tracked as CVE-2026-21509 and was given a severity score of 7.8/10 (high).

    "This update addresses a vulnerability that bypasses OLE mitigations in Microsoft 365 and Microsoft Office, which protect users from vulnerable COM/OLE controls," Microsoft said in a security advisory.

    Users running Office 2021 and later don't have to do anything aside from restarting their Office applications, since the patch will be made server-side. Those running Office 2016 and 2019 will need to install these updates:

    Microsoft Office 2019 (32-bit edition) - 16.0.10417.20095

    Microsoft Office 2019 (64-bit edition) - 16.0.10417.20095

    Microsoft Office 2016 (32-bit edition) - 16.0.5539.1001

    Microsoft Office 2016 (64-bit edition) - 16.0.5539.1001

    Those who cannot install the patches should make changes in the Windows
    Registry as a mitigation. Microsoft has provided a step-by-step guide which
    can be found on this link.

    Via The Hacker News




    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/worrying-microsoft-office-security-flaw-patched-update-now-or-risk-hackers-accessing-your-files


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)