Critical Microsoft Word Zero-Day Exploited in Wild Attacks

Microsoft reveals a zero-day Word flaw (CVE-2026-21514) exploited via phishing, urging immediate updates to prevent attacks.

By Content Team

Mar 3, 2026

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

Microsoft disclosed a critical zero-day vulnerability in Word (CVE-2026-21514) on February 10, 2026, that's being actively exploited by attackers. The flaw bypasses Word's security protections, allowing malicious documents to execute code without triggering the usual "Enable Content" warnings that alert users to threats.

The vulnerability affects multiple Office versions, including Microsoft 365, Office LTSC 2021/2024, and Mac editions. Attackers exploit it by sending specially crafted Word documents through phishing emails. When victims open these files, the exploit runs silently in the background.

Microsoft has released patches for all affected versions. CISA ordered federal agencies to update by March 3, 2026, highlighting the severity of this threat.

Source: Cybersecurity News

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

Cyber Fraud Now Top CEO Fear, Overtaking Ransomware Threat

Jan 14, 2026

Critical Fortinet Flaws Under Active Attack

Dec 18, 2025

Critical React Security Flaw Puts 39% of Cloud Environments at Risk

Dec 4, 2025

Six Nations Release AI Security Guidelines for Critical Infrastructure

Dec 4, 2025