CVE-2026-21509: Microsoft Office Zero-Day Vulnerability Under Active Exploitation

Tuesday, January 27, 2026

Top 5 Cybersecurity Stories You Should Know

1. CVE-2026-21509: Microsoft Office Zero-Day Vulnerability Under Active Exploitation — tl;dr: Microsoft has disclosed a critical security bypass vulnerability in Office applications, tracked as CVE-2026-21509, which is actively exploited in targeted cyberattacks. This flaw allows attackers to execute unauthorized code by exploiting user inputs, primarily through malicious Office documents. Organizations in finance, government, and critical infrastructure are particularly at risk. Immediate patching is essential, and Microsoft has released updates. Until patches are applied, organizations should enhance email filtering, disable Office macros, and conduct user awareness training to mitigate risks associated with this vulnerability.
   ↪ https://cyberpress.org/microsoft-office-zero-day-actively-exploited-in-targeted-cyberattacks/

2. Microsoft Issues Emergency Patch for Office Zero-Day CVE-2026-21509 — tl;dr: Microsoft has released an emergency patch for a high-severity zero-day vulnerability in Microsoft Office, tracked as CVE-2026-21509, which is actively being exploited. This vulnerability allows attackers to bypass security features by sending specially crafted Office files. Users of Office 2021 will receive automatic protection, while those using Office 2016 and 2019 must manually install updates. The U.S. CISA has added this flaw to its Known Exploited Vulnerabilities catalog, mandating federal agencies to apply the patch by February 16, 2026. Users are advised to follow registry modification steps for additional protection.
   ↪ https://thehackernews.com/2026/01/microsoft-issues-emergency-patch-for.html

3. Nike Investigates Data Breach Claims by Ransomware Group World Leaks — tl;dr: Nike is currently investigating claims made by the ransomware group World Leaks, which alleges it has leaked 1.4 terabytes of data related to the company's operations. The investigation comes amidst a backdrop of declining ransomware incidents and payments reported by FinCEN, following the disruption of major ransomware groups in 2024. Nike emphasized its commitment to consumer privacy and data security while assessing the situation. Businesses are advised to remain vigilant, report suspicious activities, and ensure robust cybersecurity measures are in place to protect sensitive information.
   ↪ https://www.pymnts.com/cybersecurity/2026/nike-investigates-ransomware-groups-claims-of-data-breach/

4. Microsoft Issues Emergency Fix for Actively Exploited Office Zero-Day (CVE-2026-21509) — tl;dr: Microsoft has released emergency updates to address a security feature bypass vulnerability (CVE-2026-21509) in Office products, which is currently being exploited in zero-day attacks. The flaw allows attackers to bypass security features by tricking users into opening malicious Office files. While exploitation requires user interaction, the vulnerability poses a significant risk. Users of Office 2021 and later will receive automatic protection, but those using Office 2016 and 2019 must manually install updates. The US Cybersecurity and Infrastructure Security Agency has added this vulnerability to its Known Exploited Vulnerabilities catalog, urging federal agencies to act by February 16, 2026.
   ↪ https://www.helpnetsecurity.com/2026/01/27/microsoft-reveals-actively-exploited-office-zero-day-provides-emergency-fix-cve-2026-21509/

5. Microsoft Patches CVE-2026-21509 Office Zero-Day Exploited in Targeted Attacks — tl;dr: Microsoft has released patches for CVE-2026-21509, a critical zero-day vulnerability in Office that allows attackers to bypass security features. The flaw, which has been actively exploited in targeted attacks, requires users to open malicious Office files, indicating a focus on espionage rather than widespread exploitation. Affected versions include Office 2016, 2019, LTSC 2021, LTSC 2024, and Microsoft 365 Apps for Enterprise. Users are urged to update their software immediately to mitigate risks, while CISA has added this vulnerability to its Known Exploited Vulnerabilities catalog, requiring action by February 16 for government organizations.
   ↪ https://www.securityweek.com/microsoft-patches-office-zero-day-likely-exploited-in-targeted-attacks/

Featured LufSec Resource

Security Awareness (Free) — Bite-sized lessons for your whole company.
Explore →

Connect with LufSec

• YouTube: https://www.youtube.com/@lufsec
• Instagram: https://www.instagram.com/lufsec