Emergency Patch Released for Active Exploitation of Microsoft Office Zero-Day (CVE-2026-21509)

On January 27, 2026, Microsoft released an out-of-band (emergency) update for a critical vulnerability in Microsoft Office, tracked as CVE-2026-21509. The flaw was already being exploited in the wild when the fix shipped, making it a zero-day. It carries a CVSS score of 7.8 (High) and is classed as a security feature bypass: a crafted document can defeat protections Office is supposed to enforce, putting users who open such files at significant risk.

Details of CVE-2026-21509

The weakness is a reliance on untrusted input in a security decision: Office trusts data controlled by the attacker when deciding whether a security control applies. Exploitation requires user interaction. The attacker crafts an Office file, delivers it by e-mail or another social-engineering route, and persuades the recipient to open it; once opened, the file bypasses the protection and gives the attacker unauthorized access. Microsoft states that the Preview Pane is not an attack vector, so merely previewing the file in Outlook does not trigger the flaw. The document must actually be opened.

Updates and Mitigations

For Office 2021 and later versions, Microsoft has deployed the protection as an automatic service-side change; no download is required, but every Office application must be closed and reopened before the change takes effect. Office 2016 and Office 2019 are not covered by that change and must be updated to at least the following builds (the build is the same for the 32-bit and 64-bit editions):

  • Microsoft Office 2019 (32-bit): 16.0.10417.20095
  • Microsoft Office 2019 (64-bit): 16.0.10417.20095
  • Microsoft Office 2016 (32-bit): 16.0.5539.1001
  • Microsoft Office 2016 (64-bit): 16.0.5539.1001
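The following PowerShell is an added example (not Microsoft's code) that reads the Office build installed on a machine and compares it with the minimum builds listed above. It assumes an Office 16.0 install; the registry locations it reads (the Click-to-Run Configuration key and Word's InstallRoot for MSI installs) are the usual ones but should be confirmed on your own estate.

```powershell
# Added example, not Microsoft's code: compare this machine's Office build with
# the minimum builds listed above. Assumes an Office 16.0 install. The registry
# locations read below are the usual ones for Click-to-Run and MSI installs and
# are an assumption to confirm on your own estate.

# Minimum patched builds from the list above (identical for 32- and 64-bit).
$MinimumBuild = @{
    'Office 2019' = [version]'16.0.10417.20095'
    'Office 2016' = [version]'16.0.5539.1001'
}

function Test-OfficeBuildPatched {
    param(
        [Parameter(Mandatory)][string]$Product,   # 'Office 2016' or 'Office 2019'
        [Parameter(Mandatory)][string]$Installed  # e.g. '16.0.5539.1001'
    )
    if (-not $MinimumBuild.ContainsKey($Product)) { throw "No minimum build known for '$Product'" }
    # [version] compares each component numerically, so 16.0.10417.x correctly
    # ranks above 16.0.5539.x; a plain string comparison would get this wrong.
    return ([version]$Installed -ge $MinimumBuild[$Product])
}

function Get-InstalledOffice {
    # Click-to-Run installs record their build and SKU here.
    $c2r = 'HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\Configuration'
    if (Test-Path $c2r) {
        $cfg = Get-ItemProperty -Path $c2r
        $product = switch -Regex ($cfg.ProductReleaseIds) {
            '2019'  { 'Office 2019'; break }
            '2016'  { 'Office 2016'; break }
            default { 'Office 2021 or later' }   # covered by the service-side protection
        }
        return [pscustomobject]@{ Product = $product; Build = [version]$cfg.VersionToReport; Install = 'Click-to-Run' }
    }
    # MSI installs: Office 2019 was only shipped as Click-to-Run, so treat an MSI 16.0
    # install as Office 2016 and read the build from WINWORD.EXE's file version.
    foreach ($root in 'HKLM:\SOFTWARE\Microsoft\Office\16.0\Word\InstallRoot',
                      'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Word\InstallRoot') {
        if (Test-Path $root) {
            $exe = Join-Path (Get-ItemProperty -Path $root).Path 'WINWORD.EXE'
            $ver = (Get-Item $exe).VersionInfo.FileVersion
            return [pscustomobject]@{ Product = 'Office 2016'; Build = [version]$ver; Install = 'MSI' }
        }
    }
    throw 'No Office 16.0 installation found.'
}

# Usage: report whether the installed build meets the minimum.
$office = Get-InstalledOffice
if ($MinimumBuild.ContainsKey($office.Product)) {
    $ok = Test-OfficeBuildPatched -Product $office.Product -Installed $office.Build
    '{0} ({1}) build {2}: {3}' -f $office.Product, $office.Install, $office.Build,
        $(if ($ok) { 'at or above minimum' } else { 'UPDATE REQUIRED' })
} else {
    '{0} ({1}) build {2}: fixed service-side; restart Office applications' -f $office.Product, $office.Install, $office.Build
}
```

The comparison is done on `[version]` objects rather than strings because the 2019 build number (10417) sorts below the 2016 build number (5539) lexically; a string compare would wrongly report an unpatched 2019 install as current.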

Registry Changes for Enhanced Security

As an additional mitigation, Microsoft advises adding a registry entry that prevents Office from loading one specific COM control, identified by the CLSID in step 5 below (the Office equivalent of an ActiveX kill bit). The steps are:

  1. Back up the Registry.
  2. Exit all Microsoft Office applications.
  3. Open the Registry Editor.
  4. Locate the appropriate registry subkey based on your Office version and system type:
  • For 64-bit MSI Office: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\16.0\Common\COM Compatibility
  • For 32-bit MSI Office on 64-bit Windows: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility
  • For Office Click-to-Run versions, adjust the paths slightly as described in Microsoft's advisory.
  5. Under that key, add a new subkey named {EAB22AC3-30C1-11CF-A7EB-0000C05BAE0B}.
  6. Within that subkey, create a new DWORD (32-bit) Value called "Compatibility Flags" and set it to 400 in hexadecimal (0x400, decimal 1024). Registry Editor's DWORD dialog defaults to hexadecimal; entering 400 with Decimal selected sets the wrong value.
  7. Exit the Registry Editor and restart Office applications. The flag is read when an Office process starts, so it has no effect on instances that were already running.
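The script below is an added example (not from Microsoft's advisory) that carries out the whole procedure above on every Office 16.0 registry layout present on the machine: it checks for elevation and running Office processes, backs up each hive with reg.exe, creates the CLSID subkey and DWORD value, and reads the value back to verify it. The two MSI paths are the ones given in the steps; the Click-to-Run path is the layout such installs use for this key and is an assumption to confirm against Microsoft's advisory for your build.

```powershell
# Added example, not code from Microsoft's advisory: applies the COM Compatibility
# mitigation above to every Office 16.0 registry layout present on this machine,
# backing each hive up first and verifying the value afterwards.
# Run from an elevated PowerShell prompt after closing all Office applications.

$Clsid = '{EAB22AC3-30C1-11CF-A7EB-0000C05BAE0B}'
$Flag  = 0x400   # the advisory's "400" is hexadecimal: 0x400 = decimal 1024

# Candidate "COM Compatibility" keys. The first two are the MSI paths from the
# steps above; the Click-to-Run path is the layout C2R installs use for this key
# (assumption: confirm it against Microsoft's advisory for your build).
$Targets = @(
    'HKLM:\SOFTWARE\Microsoft\Office\16.0\Common\COM Compatibility',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility',
    'HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Office\16.0\Common\COM Compatibility'
)

$principal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Writing under HKLM requires an elevated prompt.'
}

# The flag is read when an Office process starts, so refuse to run while any is open.
$open = Get-Process -Name winword, excel, powerpnt, outlook, onenote, msaccess, mspub, visio -ErrorAction SilentlyContinue
if ($open) { throw ('Close Office first: ' + (($open.Name | Sort-Object -Unique) -join ', ')) }

$applied = 0
foreach ($target in $Targets) {
    # Only touch layouts that exist here: the parent "Common" key is present whenever
    # that flavour of Office is installed, even if "COM Compatibility" is not yet.
    $common = Split-Path $target -Parent
    if (-not (Test-Path $common)) { continue }

    # Step 1: back up the hive with reg.exe (which wants HKLM\..., not HKLM:\...).
    $applied++
    $backup = Join-Path $env:TEMP ('Office16-Common-{0}-{1:yyyyMMdd-HHmmss}.reg' -f $applied, (Get-Date))
    & reg.exe export ($common -replace '^HKLM:\\', 'HKLM\') $backup /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Backup of $common failed; not modifying it." }

    # Steps 4-6: create the CLSID subkey and the "Compatibility Flags" DWORD.
    $key = Join-Path $target $Clsid
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name 'Compatibility Flags' -PropertyType DWord -Value $Flag -Force | Out-Null

    # Read the value back: this catches a decimal/hexadecimal mix-up.
    $actual = (Get-ItemProperty -Path $key -Name 'Compatibility Flags').'Compatibility Flags'
    if ($actual -ne $Flag) { throw "Verification failed for $key (got $actual, expected $Flag)" }
    '{0}: Compatibility Flags = 0x{1:X} (backup: {2})' -f $key, $actual, $backup
}
if ($applied -eq 0) { Write-Warning 'No Office 16.0 registry layout found; nothing changed.' }
```

The backup file written per hive can be restored with `reg.exe import <file>` if the change has to be reverted. The script deliberately stops rather than continuing when a backup fails or when a verification read does not return 0x400.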
Implications and Recommendations

The emergence of this vulnerability has caught the attention of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), which has added CVE-2026-21509 to its Known Exploited Vulnerabilities (KEV) catalog. Federal Civilian Executive Branch agencies are required to apply the necessary patches by February 16, 2026. While Microsoft has not divulged details regarding the attacks utilizing this vulnerability, it has acknowledged the contributions of its security teams in addressing the issue.

Users are strongly encouraged to install the updates promptly, restart all Office applications afterwards, and apply the registry mitigation where appropriate, to safeguard against threats arising from CVE-2026-21509.