Microsoft Patches Actively Exploited Office Zero-Day Vulnerability

Microsoft issues emergency patch for CVE-2026-21509, a zero-day in Office exploited via phishing. Update now for protection.

By Content Team

Jan 27, 2026

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

Microsoft rushed out emergency security updates on January 26, 2026, to fix CVE-2026-21509, a zero-day vulnerability in Microsoft Office that hackers are actively exploiting. The flaw lets attackers bypass Office security protections by tricking users into opening malicious files through phishing emails.

Rated "Important" with a 7.8 severity score, the vulnerability affects multiple Office versions including 2016, 2019, 2021, and Microsoft 365. Office 2021 and newer versions get automatic protection after restarting, while older versions need manual updates or registry modifications.

This marks the second actively exploited zero-day patched this month. Organizations should prioritize installing these updates immediately and watch for suspicious Office attachments, as threat actors commonly use this attack method for ransomware and advanced persistent threat campaigns.

Source: Cybersecurity News

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

Google Patches Critical Chrome Zero-Day Under Active Attack

Feb 17, 2026

WatchGuard Patches Critical Firebox Zero-Day After Wild Exploitation

Dec 22, 2025

FortiGate Firewalls Under Attack: Hackers Exploit Critical Vulnerabilities to Steal Corporate Credentials

Mar 15, 2026

Instagram Fixes Password Reset Bug as Old Data Leak Resurfaces

Jan 12, 2026