Microsoft Issues Emergency Patch for Critical Security Flaw
On Monday, Microsoft released security patches for a critical vulnerability in Microsoft Office, identified as CVE-2026-21509, which has a severity score of 7.8 out of 10. The flaw lets attackers bypass a security feature in Microsoft Office by exploiting the product's reliance on untrustworthy information, potentially compromising a computer's defenses. The vulnerability affects Microsoft 365 and Microsoft Office, and exploitation requires a user to open a specially crafted Office file. The preview feature in Office is not vulnerable to this attack.
Users of Office 2021 and newer versions will receive automatic protection upon restarting their Office programs, while those using Office 2016 or 2019 need to manually install the updates. Microsoft also recommends a registry change for additional protection, with detailed instructions provided.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has listed this flaw as actively exploited and requires federal agencies to apply the fixes by February 16, 2026. Microsoft has not disclosed specific details about the exploitation but acknowledged the efforts of its security teams in identifying the issue.