
Microsoft issues out-of-band patch for actively exploited Microsoft Office zero-day vulnerability

Windows 11 security update installation screen showing download progress (Image Source: Pabitra Kaity from Pixabay)
Microsoft has released an out-of-band security update to fix an actively exploited Microsoft Office vulnerability tracked as CVE-2026-21509. The flaw allows attackers to bypass Office security protections via malicious documents and has been added to CISA’s Known Exploited Vulnerabilities catalog.

Microsoft has released an out-of-band security update to address an actively exploited zero-day vulnerability affecting Microsoft Office, adding further pressure to an already turbulent January 2026 update cycle that has also seen serious stability issues on Windows 11 systems.

Tracked as CVE-2026-21509, the vulnerability is classified as a security feature bypass caused by “reliance on untrusted inputs in a security decision in Microsoft Office,” according to the Microsoft Security Response Center. Successful exploitation allows an attacker to locally bypass Office security protections, specifically OLE mitigations designed to block vulnerable COM and OLE controls.

Microsoft has assigned the flaw a CVSS v3.1 score of 7.8 and confirmed that it is being exploited in the wild. While the company has not disclosed technical details about the attacks, it noted that exploitation requires user interaction, with attackers needing to convince victims to open a specially crafted Office file. The Preview Pane is not an attack vector.

Systems running Office 2021 and newer are automatically protected through a service-side change, though users must restart their Office applications for the mitigation to take effect. Customers on Office 2016 and Office 2019, however, are not protected until they install the latest security updates. Microsoft has also provided a registry-based workaround that can be applied immediately on affected systems to block exploitation prior to patching.

The vulnerability has been added to the Known Exploited Vulnerabilities catalog maintained by the Cybersecurity and Infrastructure Security Agency, which is requiring U.S. federal agencies to apply the updates by February 16, 2026.

Earlier this month, Windows 11 security update KB5074109 was linked to widespread stability issues and reports of UNMOUNTABLE_BOOT_VOLUME boot failures on some systems, underscoring the increasingly fragile state of recent Windows and Office updates.

Praneeta, 2026-01-28 (Update: 2026-01-28)