{"id":15555,"date":"2026-01-27T23:29:15","date_gmt":"2026-01-27T23:29:15","guid":{"rendered":"https:\/\/newestek.com\/?p=15555"},"modified":"2026-01-27T23:29:15","modified_gmt":"2026-01-27T23:29:15","slug":"fixes-released-for-a-serious-microsoft-office-zero-day-flaw","status":"publish","type":"post","link":"https:\/\/newestek.com\/?p=15555","title":{"rendered":"Fixes released for a serious Microsoft Office zero-day flaw"},"content":{"rendered":"
\n
\n
\n
\n
\n
\n
<\/div>\n<\/section>\n

Microsoft is warning admins of an Office security bypass zero day vulnerability that can be triggered simply by a user opening a document. The flaw is currently being actively exploited.<\/p>\n

\u201cThe vulnerability is serious,\u201d said Johannes Ullrich<\/a>, dean of research at the SANS Institute. \u201cThe root cause is that Microsoft Office still supports the older OLE document format, which provides access to various OLE components. The effect is similar to what an attacker could do with Office Macros. But Office Macros are typically blocked for documents downloaded from the internet. Microsoft implemented similar protections for OLE components, but this recent exploit found a way to bypass them.\u201d<\/p>\n

Despite efforts by Microsoft and email gateway vendors, emails with malicious attachments are still a significant attack vector, he added.<\/p>\n

\u201cIt is important that organizations roll up this update quickly. Until it has been applied, filters on email gateways or endpoint protection signatures may help mitigate the threat.\u201d<\/p>\n

Fortunately the vulnerability, CVE-2026-21509<\/a>, which has a CVSS score of 7.8, is fixed automatically in Office 2021 and up, however, admins should note that these applications need a restart for the patch to take effect. For Office 2016 and Office 2019, there\u2019s a separate patch<\/a>.<\/p>\n

Jack Bicer<\/a>, director of vulnerability research at Action1, said that for security teams and CISOs \u201cthe urgency is real: don\u2019t wait, prioritize this update immediately, and ensure all Office applications are restarted so the protections take effect without delay.\u201d\u00a0<\/p>\n

The flaw is exploited by sending malicious Office documents and convincing users to open them, \u201ca classic technique that emphasizes the ongoing effectiveness of social engineering in real-world attacks,\u201d he said. <\/p>\n

The US Cybersecurity and Infrastructure Security Agency (CISA) has added the hole to its catalogue of known exploited vulnerabilities.<\/a> Vulnerabilities in the catalogue must be remediated by federal civilian executive branch agencies by a specified date.<\/p>\n

Asked for comment, a Microsoft spokesperson said the company recommends impacted customers follow the guidance on its\u00a0CVE page<\/a>.\u00a0It also points out that\u00a0Microsoft Defender has detections in place to block exploitation, and Office\u2019s default\u00a0Protected View<\/a>\u00a0setting provides an extra layer of protection by blocking malicious files from the internet.<\/p>\n

\u201cAs a security best practice, we encourage users to exercise caution when downloading and enabling editing on files from unknown sources, as indicated in security warnings,\u201d the spokesperson added.<\/p>\n

This article originally appeared on Computerworld<\/a>.<\/em><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

Microsoft is warning admins of an Office security bypass zero day vulnerability that can be triggered simply by a user opening a document. The flaw is currently being actively exploited. \u201cThe vulnerability is serious,\u201d said Johannes Ullrich, dean of research at the SANS Institute. \u201cThe root cause is that Microsoft Office still supports the older OLE document format, which provides access to various OLE components…. <\/p>\n

Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-15555","post","type-post","status-publish","format-standard","hentry","category-uncategorized","is-cat-link-borders-light is-cat-link-rounded"],"_links":{"self":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/15555","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=15555"}],"version-history":[{"count":0,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/15555\/revisions"}],"wp:attachment":[{"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=15555"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=15555"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=15555"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}