Microsoft on Monday issued out-of-band security patches for a high-severity Microsoft Office zero-day vulnerability exploited in attacks. The vulnerability, tracked as CVE-2026-21509, carries a CVSS score of 7.8 out of 10.0. It has been described as a security feature bypass in Microsoft Office. "Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized
![]()
source https://thehackernews.com/2026/01/microsoft-issues-emergency-patch-for.html
source https://thehackernews.com/2026/01/microsoft-issues-emergency-patch-for.html