
"Microsoft has issued an emergency patch designed to resolve a zero-day security vulnerability affecting several versions of Microsoft Office. Already exploited in the wild, the flaw could allow an attacker to skirt past Office's built-in security measures and send victims a malicious document.

Zero-day vulnerability

In a note published Monday, Microsoft revealed details behind the flaw, known as a Microsoft Office Security Feature Bypass Vulnerability."
"OLE (Object Linking and Embedding) lets Office link to or embed files, text, images, and other content from external applications. The OLE mitigations are supposed to prevent hackers from exploiting these controls to send malicious files and documents. Attackers take advantage of such vulnerabilities to launch phishing campaigns in which you're prompted to open a malicious file attachment. With the built-in security not working properly, the malicious code in the file can then easily infect your system."
Microsoft issued an emergency patch addressing a zero-day Microsoft Office Security Feature Bypass Vulnerability (CVE-2026-21509) that is already exploited in the wild. The flaw bypasses OLE mitigations, allowing Office to link or embed external content in a way that can be abused to deliver malicious document attachments. Attackers exploit the weakness in phishing campaigns that prompt users to open infected files, enabling embedded malicious code to execute and infect systems. Affected products include Office 2016 (32-bit), Office 2019 (32/64-bit), Microsoft 365 Apps for Enterprise (32/64-bit), Office LTSC 2021 and LTSC 2024 (32/64-bit). Patch availability and installation procedures depend on the Office edition; some versions require manual updates.
Read at ZDNET