Hackers Exploit Zero-Day Vulnerabilities in Windows and Office, Microsoft Warns

Microsoft has announced critical security updates for its Windows operating system and Office suite. These updates address vulnerabilities currently exploited by hackers to compromise user computers. The company emphasizes the need for immediate action to mitigate potential risks.

Understanding Zero-Day Vulnerabilities

The vulnerabilities are categorized as zero-days. This term indicates that hackers have been exploiting these flaws before Microsoft could release fixes. Such vulnerabilities pose a significant threat as they allow unauthorized access with minimal user interaction.

Types of Vulnerabilities Identified

• CVE-2026-21510: This vulnerability is located in the Windows shell, impacting all supported Windows versions. It enables hackers to bypass Microsoft’s SmartScreen feature, which typically protects users from malicious links.
• CVE-2026-21513: Found in the MSHTML browser engine, this vulnerability affects older applications on Windows. It also allows hackers to bypass critical security measures and plant malicious software.

Exploitation Techniques

These vulnerabilities can be exploited through one-click attacks. For instance, a user merely needs to click on a malicious link to initiate the attack. Security expert Dustin Childs highlights that this type of bug is rare, emphasizing the serious risks associated with one-click code execution.

A Google spokesperson confirmed that the Windows shell vulnerability is under “widespread, active exploitation.” Successful attacks could allow hackers to execute malware with high privileges, leading to serious consequences such as system compromise and ransomware deployment.

Collaboration with Security Researchers

Microsoft acknowledged the contributions of security researchers from Google’s Threat Intelligence Group, who were instrumental in identifying these vulnerabilities. The acknowledgment underscores the importance of collaboration in addressing cybersecurity issues.

Additional Security Patches

In addition to the aforementioned vulnerabilities, Microsoft also patched three other zero-day issues that were being actively targeted by hackers. This proactive approach aims to enhance overall security for users across their platforms.

Users are advised to apply these updates promptly to protect their systems from potential threats. Regularly updating software is a vital step in maintaining cybersecurity hygiene.