
Microsoft Issues Emergency Patch for Actively Exploited Office Vulnerability

Microsoft has issued an out-of-band security update to fix an actively exploited zero-day vulnerability in Microsoft Office. The vulnerability is tracked as CVE-2026-21509 and has a CVSS v3.1 base score of 7.8 out of 10. The vulnerability is due to reliance on untrusted inputs in a security decision in Microsoft Office, which could allow an unauthorized actor to bypass a security feature locally.

Exploitation requires user interaction. An attacker would need to deliver a specially crafted Microsoft Office file, for example by email, and use social engineering to convince the user to open it. The security bypass vulnerability affects multiple Microsoft Office versions, including Office 2021 and later and Microsoft 365 Apps for Enterprise. Some of the affected Office versions are protected automatically by a server-side change, but that protection only takes effect after the Office applications have been restarted.

The Office versions that require an update to be applied are listed below, along with the update version that must be installed.

  Affected Microsoft Office Version         Update Version
  Microsoft Office 2019 (32-bit edition)    16.0.10417.20095
  Microsoft Office 2019 (64-bit edition)    16.0.10417.20095
  Microsoft Office 2016 (32-bit edition)    16.0.5539.1001
  Microsoft Office 2016 (64-bit edition)    16.0.5539.1001

If the update cannot be installed immediately, Microsoft has recommended mitigations to reduce the risk of exploitation. Those mitigations are:


  • Close all Office applications
  • Create a backup of the Windows Registry – Creating a backup of the Registry is important, as incorrect Windows Registry changes can cause serious problems.
  • Open the Registry Editor (Start Menu > type regedit > press Enter)
  • Locate the appropriate registry key, and add a subkey per Microsoft’s Security Advisory
    • A better explanation of the steps that should be taken has been published by Bleeping Computer
  • Exit Registry Editor and start the Office application
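The following PowerShell script is an added example, not code from the HIPAA Journal article or from Microsoft. It ties the two practical points above together: it checks whether the installed Office build is at or above the update versions listed in the table for Office 2019 and 2016, and, if the installation is still unpatched, it creates a backup of the registry key before any mitigation subkey is added. The Click-to-Run registry path, the WINWORD.EXE locations and the registry key named in the backup call are assumptions made for this example; the actual key and subkey come from Microsoft's security advisory and are not reproduced here.

```powershell
# Added example (not from the article or Microsoft's advisory). Checks the
# installed Office build against the fixed builds in the table above and backs
# up the registry key before the mitigation is applied.

# Fixed builds taken from the article's table: product -> minimum patched build.
$FixedBuilds = @{
    'Microsoft Office 2019' = [version]'16.0.10417.20095'
    'Microsoft Office 2016' = [version]'16.0.5539.1001'
}

function Get-InstalledOfficeBuild {
    # Click-to-Run installs record the build under this key (assumed path).
    $c2r = 'HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\Configuration'
    $v = (Get-ItemProperty -Path $c2r -Name VersionToReport -ErrorAction SilentlyContinue).VersionToReport
    if ($v) { return [version]$v }

    # MSI-based installs: fall back to the file version of WINWORD.EXE (assumed paths).
    $candidates = @(
        "$env:ProgramFiles\Microsoft Office\Office16\WINWORD.EXE",
        "${env:ProgramFiles(x86)}\Microsoft Office\Office16\WINWORD.EXE"
    )
    foreach ($exe in $candidates) {
        if (Test-Path $exe) {
            return [version](Get-Item $exe).VersionInfo.FileVersion
        }
    }
    return $null
}

function Test-OfficePatched {
    # Returns $true when the installed build is at or above the fixed build.
    param(
        [Parameter(Mandatory)][string]$Product,
        [Parameter(Mandatory)][version]$Installed
    )
    if (-not $FixedBuilds.ContainsKey($Product)) {
        throw "No fixed build is listed for '$Product'"
    }
    return ($Installed -ge $FixedBuilds[$Product])
}

function Backup-RegistryKey {
    # Exports the key to a .reg file with reg.exe so the change can be reverted
    # by double-clicking the file or running 'reg import'.
    param(
        [Parameter(Mandatory)][string]$Key,
        [string]$OutFile = "$env:TEMP\office-mitigation-backup.reg"
    )
    reg.exe export $Key $OutFile /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg export failed for $Key" }
    return $OutFile
}

# Usage: set $product to the edition installed on this machine.
$product = 'Microsoft Office 2016'
$build   = Get-InstalledOfficeBuild
if (-not $build) {
    Write-Warning 'Could not determine the installed Office build.'
}
elseif (Test-OfficePatched -Product $product -Installed $build) {
    Write-Output "$product build $build is at or above the fixed build; no mitigation needed."
}
else {
    Write-Output "$product build $build is below $($FixedBuilds[$product]); apply the update or mitigation."
    # Placeholder key: replace with the key named in Microsoft's advisory before use.
    $backup = Backup-RegistryKey -Key 'HKCU\Software\Microsoft\Office\16.0\<key-from-Microsoft-advisory>'
    Write-Output "Registry backup written to $backup; close all Office applications before adding the subkey."
}
```

Run the script in an elevated PowerShell session on each workstation (or through your endpoint management tool) so that the version check reads the machine-wide Click-to-Run key. Because the `[version]` type compares all four components numerically, a build such as 16.0.5539.1001 is correctly ranked above 16.0.5500.1000 even though a string comparison would not.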

Microsoft has not shared information about the extent to which the vulnerability is being exploited in the wild; however, since an out-of-band update has been published to fix the vulnerability, it should be assumed that the risk of exploitation is high, and the patch or mitigations should be applied as soon as possible.

Ahead of the release of official patches for Microsoft Office versions 2019, 2016, 2013, and 2010, 0patch has released micropatches.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
