Microsoft Rushes Emergency Patch for Office Zero-Day Under Active Attack

Microsoft issues urgent patch for a zero-day Office vulnerability, CVE-2026-21509, to thwart ongoing hacker exploits.

By Content Team

Jan 28, 2026

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

Microsoft released an emergency patch for CVE-2026-21509, a zero-day vulnerability in Office and Microsoft 365 that attackers are actively exploiting. The bug allows hackers to bypass security controls and execute malicious code by tricking users into opening infected Office files.

CISA added the vulnerability to its known exploited list, giving federal agencies until February 16 to patch or stop using affected products. Security experts believe this is likely a tool for advanced persistent threats, possibly state-sponsored groups targeting high-value victims through social engineering.

Office 2021 users just need to restart their apps for automatic protection, while Office 2016 and 2019 users must install manual updates.

Source: Dark Reading

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

Asahi Beer Giant Hit by Massive Cyber-Attack, 1.5 Million Customers' Data at Risk

Nov 28, 2025

Hackers Target Developers Through Malicious VS Code and AI IDE Extensions

Dec 8, 2025

Logitech Confirms Data Breach in Oracle Hack Campaign

Dec 11, 2025

Civil Rights Groups Demand Inquiry Into UK Data Watchdog After Afghan Breach Failures

Nov 25, 2025