Microsoft Releases Patch for Actively Exploited Office Zero-Day Vulnerability
Microsoft has issued emergency updates to address a critical zero-day vulnerability in Microsoft Office. The flaw, tracked as CVE-2026-21509, affects several versions of Office, including Microsoft Office 2016, 2019, LTSC 2021, LTSC 2024, and Microsoft 365 Apps for Enterprise.
Vulnerability Details
The vulnerability is a security feature bypass that an unauthorized local attacker can exploit with low complexity. The preview pane is not an attack vector; the attacker must convince a user to open a malicious Office file.
Microsoft notes that Office 2021 and later are protected automatically by a service-side change, but users must restart their Office applications for that fix to take effect. Security updates for Office 2016 and 2019 are still pending and will be released shortly.
Mitigation Measures for Affected Versions
While updates for Office 2016 and 2019 are not yet available, Microsoft provides mitigation strategies to reduce the risk of exploitation:
- Close all Microsoft Office applications.
- Create a backup of the Windows Registry to avoid potential issues.
- Open the Windows Registry Editor by typing “regedit” into the Start menu.
After opening the Registry Editor, check whether any of the following keys exist:
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\16.0\Common\COM Compatibility
- HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Office\16.0\Common\COM Compatibility
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility
If none of these keys are present, create the “COM Compatibility” key and the entry beneath it:
- Right-click on Common, select New > Key, and name the new key COM Compatibility.
- Right-click the new COM Compatibility key, select New > Key, and name it {EAB22AC3-30C1-11CF-A7EB-0000C05BAE0B}.
- Right-click that key, select New > DWORD (32-bit) Value, and name it Compatibility Flags.
- Set the Compatibility Flags value to 400 (regedit enters DWORD values in hexadecimal by default, so this is 0x400).
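The check and the registry change above can be scripted so that an administrator can audit a fleet before touching anything. The following PowerShell is an added example, not Microsoft's own tooling: it reports which of the four locations exist and whether the 0x400 flag (the COM Compatibility kill bit) is already set for the CLSID, and optionally backs up and writes the entry. The choice of default target path (the first, non-WOW6432Node path) and the backup file location are assumptions of this example.

```powershell
# Added example (not from Microsoft or the article): audit and apply the
# COM Compatibility mitigation for CVE-2026-21509 on Office 16.0 installs.
# Run from an elevated PowerShell with all Office applications closed.

$Clsid     = '{EAB22AC3-30C1-11CF-A7EB-0000C05BAE0B}'
$ValueName = 'Compatibility Flags'
$KillBit   = 0x400   # the article's "400", in regedit's default hex base

# The four locations named in the article, in PowerShell provider syntax.
$CommonPaths = @(
  'HKLM:\SOFTWARE\Microsoft\Office\16.0\Common',
  'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Common',
  'HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Office\16.0\Common',
  'HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Office\16.0\Common'
)

function Get-ComCompatState {
  # For each candidate path, report whether the Common key, the
  # COM Compatibility key and the CLSID subkey exist, and whether the
  # Compatibility Flags value already carries the 0x400 bit.
  foreach ($common in $CommonPaths) {
    $compat   = Join-Path $common 'COM Compatibility'
    $clsidKey = Join-Path $compat $Clsid
    $flags    = $null
    if (Test-Path $clsidKey) {
      $flags = (Get-ItemProperty -Path $clsidKey -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
    }
    [pscustomobject]@{
      CommonPath      = $common
      CommonExists    = Test-Path $common
      CompatKeyExists = Test-Path $compat
      ClsidKeyExists  = Test-Path $clsidKey
      Flags           = $flags
      KillBitSet      = ($null -ne $flags) -and (($flags -band $KillBit) -eq $KillBit)
    }
  }
}

function Set-ComCompatKillBit {
  [CmdletBinding(SupportsShouldProcess)]
  param(
    # Assumption of this example: default to the first (native, non-WOW) path.
    [string]$CommonPath = $CommonPaths[0],
    [string]$BackupFile = "$env:TEMP\Office16-Common-backup.reg"
  )
  if (-not (Test-Path $CommonPath)) {
    throw "Path '$CommonPath' does not exist; check which Office flavour is installed."
  }
  # Back up the affected subtree first, as the article advises.
  $regPath = $CommonPath -replace '^HKLM:\\', 'HKEY_LOCAL_MACHINE\'
  if ($PSCmdlet.ShouldProcess($regPath, "export backup to $BackupFile")) {
    reg.exe export $regPath $BackupFile /y | Out-Null
  }
  $clsidKey = Join-Path (Join-Path $CommonPath 'COM Compatibility') $Clsid
  if ($PSCmdlet.ShouldProcess($clsidKey, "create key and set '$ValueName' = 0x400")) {
    # -Force creates both COM Compatibility and the CLSID subkey if missing.
    New-Item -Path $clsidKey -Force | Out-Null
    New-ItemProperty -Path $clsidKey -Name $ValueName -PropertyType DWord `
                     -Value $KillBit -Force | Out-Null
  }
}

# Usage:
#   Get-ComCompatState | Format-Table -AutoSize   # audit only
#   Set-ComCompatKillBit -WhatIf                  # preview the change
#   Set-ComCompatKillBit                          # back up, then apply
```

`Get-ComCompatState` is read-only and safe to run through a management tool to gauge exposure; `Set-ComCompatKillBit` honours `-WhatIf`, and the `.reg` export it writes is the file to double-click if the change needs to be reversed once the official Office 2016/2019 update is installed.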
Previous Security Issues and Updates
Earlier this month, Microsoft addressed 114 vulnerabilities in the January Patch Tuesday release, including another exploited zero-day affecting the Desktop Window Manager. It also shipped several out-of-band updates to resolve Cloud PC and shutdown issues introduced by earlier updates.
As cybersecurity remains a growing concern, organizations must stay vigilant and ensure that their Office applications are updated promptly. For the latest information on security threats and solutions, visit Filmogaz.com.