Emergency Patch Issued for Microsoft Office Amid Active Hacking Threat
Microsoft has released an emergency security patch for a critical vulnerability affecting several versions of its Office software, after confirming the flaw is already being actively exploited by hackers.
The vulnerability, tracked as CVE-2026-21509, impacts Microsoft 365 Apps for Enterprise, Microsoft Office 2016 and 2019, as well as Microsoft Office LTSC 2021 and LTSC 2024. Microsoft disclosed the issue on Monday, warning that attackers are already circulating exploit code and targeting vulnerable systems.
According to the company, the flaw is being used primarily in phishing attacks. Successful exploitation requires local access to a user’s computer, which can be achieved by tricking users into opening a malicious document. Once opened, the vulnerability allows attackers to bypass built-in security protections within Office.
Cybersecurity authority CVE.org describes the issue as a case of “reliance on untrusted inputs in a security decision,” which enables an unauthorised attacker to bypass a local security feature in Microsoft Office. The vulnerability is tied to Object Linking and Embedding, or OLE, a feature that allows content, images, and links from different applications to be embedded into a single document.
“This update addresses a vulnerability that bypasses OLE mitigations in Microsoft 365 and Microsoft Office which protect users from vulnerable COM and OLE controls,” Microsoft said in its advisory, without providing further technical detail. The company also confirmed that the flaw has already been abused in real-world attacks.
The emergency patch is currently rolling out. Microsoft says customers using Office 2021 and later versions will be automatically protected through a service-side update, although a restart of Office applications is required for the fix to take effect.
However, users of Microsoft Office 2016 and 2019 face a delay, as a full patch for those versions is still in development. In the meantime, Microsoft has advised affected customers to follow mitigation steps outlined in its vulnerability report, including the addition of specific registry keys to reduce exposure to the threat.
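For administrators triaging a fleet, the two paths in the article (service-side update plus an application restart for Office 2021 and later; interim registry mitigations for Office 2016 and 2019) map onto a simple inventory question: which Office product is installed on each host, and are Office applications still running? The PowerShell below is an added example, not code from the article or from Microsoft. It assumes that Click-to-Run installs record their product IDs under the `ClickToRun\Configuration` registry key and that an MSI-based Office 2016 install is identifiable by the `Office\16.0\Common\InstallRoot` key; the year-token heuristic used to classify product IDs is the script's own. It deliberately does not reproduce the mitigation registry keys, because the article does not list them; those come from Microsoft's CVE-2026-21509 advisory.

```powershell
# Added example (not from the article or from Microsoft): inventory Office installs on a
# Windows host and report which of the two remediation paths from the advisory applies.
# Assumption: Click-to-Run writes ProductReleaseIds / VersionToReport / UpdateChannel under
# the Configuration key below; MSI-based Office 2016 has no ClickToRun key but does have an
# InstallRoot under Office\16.0. The product-ID year heuristic is this script's own.

function Get-OfficePatchPath {
    [CmdletBinding()]
    param()

    $results = @()
    $c2r = 'HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\Configuration'

    if (Test-Path $c2r) {
        $cfg = Get-ItemProperty -Path $c2r
        # ProductReleaseIds is a comma-separated list, e.g. "O365ProPlusRetail" or
        # "ProPlus2019Volume"; one host can carry more than one product.
        $ids = ($cfg.ProductReleaseIds -split ',') | Where-Object { $_ -ne '' }
        foreach ($id in $ids) {
            $action = switch -Regex ($id) {
                '^O365|2021|2024' { 'service-side update; restart Office apps'; break }
                '2019'            { 'apply advisory registry mitigation (full patch pending)'; break }
                default           { 'no year token: treat as 2016, apply advisory registry mitigation' }
            }
            $results += [pscustomobject]@{
                Product = $id
                Version = $cfg.VersionToReport
                Channel = $cfg.UpdateChannel
                Install = 'Click-to-Run'
                Action  = $action
            }
        }
    }

    # Windows Installer (MSI) Office 2016: no Click-to-Run key, InstallRoot present.
    $msiRoot = 'HKLM:\SOFTWARE\Microsoft\Office\16.0\Common\InstallRoot'
    if (-not (Test-Path $c2r) -and (Test-Path $msiRoot)) {
        $root = (Get-ItemProperty -Path $msiRoot).Path
        $winword = Get-Item -Path (Join-Path $root 'WINWORD.EXE') -ErrorAction SilentlyContinue
        $results += [pscustomobject]@{
            Product = 'Office 2016 (MSI)'
            Version = if ($winword) { $winword.VersionInfo.ProductVersion } else { $null }
            Channel = 'n/a'
            Install = 'MSI'
            Action  = 'apply advisory registry mitigation (full patch pending)'
        }
    }

    if ($results.Count -eq 0) {
        Write-Verbose 'No Office 2016+ installation found under HKLM.'
    }
    return $results
}

function Get-RunningOfficeApps {
    # The service-side fix only takes effect after the Office applications restart,
    # so running instances mean the host is still exposed even once the update landed.
    Get-Process -Name winword, excel, powerpnt, outlook, msaccess, visio -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty ProcessName -Unique
}

# Usage: run in an elevated PowerShell session on the host being checked.
Get-OfficePatchPath | Format-Table -AutoSize
$open = Get-RunningOfficeApps
if ($open) {
    Write-Output "Office apps still running (restart required for the fix to apply): $($open -join ', ')"
} else {
    Write-Output 'No Office applications running.'
}
```

Run it through your endpoint management tool to get one row per Office product per host; rows whose Action mentions the registry mitigation are the 2016/2019 population that stays exposed until Microsoft ships the full patch, and any host listing running Office processes has not yet picked up the service-side fix regardless of product. The classification is a heuristic over product IDs, so treat an unexpected ID as "check manually" rather than as patched.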
Microsoft continues to urge users and organisations to remain vigilant against phishing attempts and to ensure their systems are updated as patches become available.
Photo Credit: DepositPhotos.com
