INSPECTING ARCHIVED INTELLIGENCE (OUTDATED VERSION).
Microsoft Office Zero-Day Exploit Patch Released
| 2026-01-29 14:43 CRITICAL HIGHExecutive Summary AI-generated
The recent release of a critical update to Microsoft Office has sparked widespread concern among cybersecurity experts and users alike. The vulnerability, CVE-2026-21509, was identified as an over-reliance on untrusted inputs in the security decision for Microsoft Office 365 and Microsoft Office applications. This flaw enables attackers to bypass object linking and embedding (OLE) mitigations, which protect users from vulnerable component object model (COM) and OLE controls. The update has been released as part of the standard Microsoft Patch Tuesday process, with three out-of-band updates already published in January 2026. As a result, Cisco Security Firewall customers are advised to use the latest update to their ruleset by updating their SRU. Additionally, Snort2 rules and ClamAV signature have been made available to detect activity associated with this vulnerability. The Microsoft Office team has also released mitigation guidance for CVE-2026-21509 as part of an advisory.
Technical Mitigations AI-generated
* Use secure protocols (HTTPS) when accessing Microsoft Office or other affected software to prevent exploitation of the zero-day vulnerability.
* Implement a patch management strategy that includes regular updates and patches for all versions of Microsoft Office, including those running LTSC 2021 and later.
* Configure security controls such as firewalls, intrusion detection systems, and antivirus software to detect and block attempts to exploit the zero-day vulnerability.
* Educate users about the risks associated with exploiting this vulnerability and provide guidance on how to protect themselves, such as avoiding opening malicious Office files or using alternative methods for accessing Microsoft Office.
Technical Observables
Intelligence Metadata
Actors / Malware / CVEs / Campaigns
CVE-2026-21509CVE-2026-21509
Target & Sectors
Global Scope
Incident Timeline
January 2026
Microsoft released an update to address a zero-day vulnerability in Microsoft Office.
Click on any entity below to view its context and source!
organisation
OOB
Microsoft has published three out-of-band (OOB) updates so far in January 2026.
infrastructure
Microsoft Office
One of these updates was released to address a vulnerability,
CVE-2026-21509
, affecting Microsoft Office that has been reportedly exploited in the wild.
CVE-2026-21509
was published to address a security feature bypass vulnerability affecting Microsoft Office.
Microsoft reports that this vulnerability cannot be triggered via the Preview Pane in Microsoft Office.
organisation
Microsoft Patch
Additional OOB updates have been published to resolve operational issues experienced following installation of the updates
released
as part of the standard Microsoft Patch Tuesday process.
organisation
Cisco Security Firewall
Cisco Security Firewall customers should use the latest update to their ruleset by updating their SRU.
organisation
SRU
Cisco Security Firewall customers should use the latest update to their ruleset by updating their SRU.
organisation
ClamAV
The following ClamAV signature has been released to detect activity associated with this vulnerability:
Rtf.Exploit.
January 26
Microsoft released a patch for the zero-day vulnerability in Microsoft Office on January 26.
Click on any entity below to view its context and source!
infrastructure
Microsoft Office
The tech giant released a patch in
a January 26 advisory
for the flaw which has been summarized as an over-reliance on untrusted inputs in a security decision in Microsoft Office that can allow an unauthorized attacker to bypass a security feature locally.
vulnerability
CVE-2026-21509
It was reported on January 26 by Microsoft, was allocated the CVE-2026-21509 tracking number and was ranked as high-severity, with a CVSS 3.1 score of 7.8.
vulnerability
CVSS 3.1
It was reported on January 26 by Microsoft, was allocated the CVE-2026-21509 tracking number and was ranked as high-severity, with a CVSS 3.1 score of 7.8.
general_metric
3.1 score
It was reported on January 26 by Microsoft, was allocated the CVE-2026-21509 tracking number and was ranked as high-severity, with a CVSS 3.1 score of 7.8.
Jan 27, 2026
Microsoft released an update to address a zero-day vulnerability in Microsoft Office.
Jan 27
Microsoft released an update to address a zero-day vulnerability in Microsoft Office.
Click on any entity below to view its context and source!
infrastructure
Microsoft Office
Ravie Lakshmanan
Jan 27, 2026
Zero-Day / Vulnerability
Microsoft on Monday issued out-of-band security patches for a high-severity Microsoft Office zero-day vulnerability exploited in attacks.
organisation
Microsoft
Ravie Lakshmanan
Jan 27, 2026
Zero-Day / Vulnerability
Microsoft on Monday issued out-of-band security patches for a high-severity Microsoft Office zero-day vulnerability exploited in attacks.
2016, 2019
Microsoft releases update to address zero-day vulnerability in Microsoft Office 2016.
Click on any entity below to view its context and source!
infrastructure
Microsoft 365
It affects several versions of Microsoft Office 2016, 2019, LTSC 2021, LTSC 2024 and Microsoft 365 Apps for Enterprise.
general_metric
365 Microsoft
It affects several versions of Microsoft Office 2016, 2019, LTSC 2021, LTSC 2024 and Microsoft 365 Apps for Enterprise.
infrastructure
Microsoft Office 2016
It affects several versions of Microsoft Office 2016, 2019, LTSC 2021, LTSC 2024 and Microsoft 365 Apps for Enterprise.
organisation
LTSC 2021
It affects several versions of Microsoft Office 2016, 2019, LTSC 2021, LTSC 2024 and Microsoft 365 Apps for Enterprise.
organisation
LTSC 2024
It affects several versions of Microsoft Office 2016, 2019, LTSC 2021, LTSC 2024 and Microsoft 365 Apps for Enterprise.
general_metric
2021 LTSC
It affects several versions of Microsoft Office 2016, 2019, LTSC 2021, LTSC 2024 and Microsoft 365 Apps for Enterprise.
general_metric
2024 LTSC
It affects several versions of Microsoft Office 2016, 2019, LTSC 2021, LTSC 2024 and Microsoft 365 Apps for Enterprise.
2026-01-29
Microsoft Releases Patch for Office Zero Day As mitigation, the company is urging that customers make a Windows Registry change by following the steps outlined below.
Click on any entity below to view its context and source!
organisation
Microsoft Office
Microsoft Office Zero-Day (CVE-2026-21509) - Emergency Patch Issued for Active Exploitation.
It has been described as a security feature bypass in Microsoft Office.
"Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally," the tech giant
said
in an advisory.
"This update addresses a vulnerability that bypasses
OLE
mitigations in Microsoft 365 and Microsoft Office, which protect users from vulnerable COM/OLE controls.
As mitigation, the company is urging that customers make a Windows Registry change by following the steps outlined below -
Take a
backup of the Registry
Exit all Microsoft Office applications
Start the Registry Editor
Locate the proper registry subkey -
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\16.0\Common\COM Compatibility\ for 64-bit MSI Office or 32-bit MSI Office on 32-bit Windows
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility\ for 32-bit MSI Office on 64-bit Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Office\16.0\Common\COM Compatibility\ for 64-bit Click2Run Office or 32-bit Click2Run Office on 32-bit Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility\ for 32-bit Click2Run Office on 64-bit Windows
Add a new subkey named {EAB22AC3-30C1-11CF-A7EB-0000C05BAE0B} by right-clicking the COM Compatibility node and choosing Add Key.
Microsoft releases update to address zero-day vulnerability in Microsoft Office.
A new high-severity zero-day vulnerability in Microsoft Office has been exploited in the wild, according to Microsoft.
The flaw enables an attacker to bypass object linking and embedding (OLE) mitigations in Microsoft 365 and Microsoft Office which protect users from vulnerable component object model (COM) and OLE controls.
organisation
CVSS
The vulnerability, tracked as
CVE-2026-21509
, carries a CVSS score of 7.8 out of 10.0.
organisation
DWORD
Within that subkey, add new value by right-clicking the new subkey and choosing New > DWORD (32-bit) Value
Add a REG_DWORD hexadecimal value called "Compatibility Flags" with a value of 400
Exit Registry Editor and start the Office application
Microsoft has not shared any details about the nature and the scope of attacks exploiting CVE-2026-21509.
organisation
Exit Registry
Within that subkey, add new value by right-clicking the new subkey and choosing New > DWORD (32-bit) Value
Add a REG_DWORD hexadecimal value called "Compatibility Flags" with a value of 400
Exit Registry Editor and start the Office application
Microsoft has not shared any details about the nature and the scope of attacks exploiting CVE-2026-21509.
organisation
Reliance
"Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally," the tech giant
said
in an advisory.
organisation
Microsoft 365
"This update addresses a vulnerability that bypasses
OLE
mitigations in Microsoft 365 and Microsoft Office, which protect users from vulnerable COM/OLE controls.
The flaw enables an attacker to bypass object linking and embedding (OLE) mitigations in Microsoft 365 and Microsoft Office which protect users from vulnerable component object model (COM) and OLE controls.
organisation
OLE
"This update addresses a vulnerability that bypasses
OLE
mitigations in Microsoft 365 and Microsoft Office, which protect users from vulnerable COM/OLE controls.
The flaw enables an attacker to bypass object linking and embedding (OLE) mitigations in Microsoft 365 and Microsoft Office which protect users from vulnerable component object model (COM) and OLE controls.
infrastructure
Windows
As mitigation, the company is urging that customers make a Windows Registry change by following the steps outlined below -
Take a
backup of the Registry
Exit all Microsoft Office applications
Start the Registry Editor
Locate the proper registry subkey -
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\16.0\Common\COM Compatibility\ for 64-bit MSI Office or 32-bit MSI Office on 32-bit Windows
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility\ for 32-bit MSI Office on 64-bit Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Office\16.0\Common\COM Compatibility\ for 64-bit Click2Run Office or 32-bit Click2Run Office on 32-bit Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility\ for 32-bit Click2Run Office on 64-bit Windows
Add a new subkey named {EAB22AC3-30C1-11CF-A7EB-0000C05BAE0B} by right-clicking the COM Compatibility node and choosing Add Key.
The Windows maker said customers running Office 2021 and later will be automatically protected via a
service-side change
, but will be required to restart their Office applications for this to take effect.
infrastructure
16.0
As mitigation, the company is urging that customers make a Windows Registry change by following the steps outlined below -
Take a
backup of the Registry
Exit all Microsoft Office applications
Start the Registry Editor
Locate the proper registry subkey -
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\16.0\Common\COM Compatibility\ for 64-bit MSI Office or 32-bit MSI Office on 32-bit Windows
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility\ for 32-bit MSI Office on 64-bit Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Office\16.0\Common\COM Compatibility\ for 64-bit Click2Run Office or 32-bit Click2Run Office on 32-bit Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility\ for 32-bit Click2Run Office on 64-bit Windows
Add a new subkey named {EAB22AC3-30C1-11CF-A7EB-0000C05BAE0B} by right-clicking the COM Compatibility node and choosing Add Key.
organisation
Windows Registry
As mitigation, the company is urging that customers make a Windows Registry change by following the steps outlined below -
Take a
backup of the Registry
Exit all Microsoft Office applications
Start the Registry Editor
Locate the proper registry subkey -
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\16.0\Common\COM Compatibility\ for 64-bit MSI Office or 32-bit MSI Office on 32-bit Windows
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility\ for 32-bit MSI Office on 64-bit Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Office\16.0\Common\COM Compatibility\ for 64-bit Click2Run Office or 32-bit Click2Run Office on 32-bit Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility\ for 32-bit Click2Run Office on 64-bit Windows
Add a new subkey named {EAB22AC3-30C1-11CF-A7EB-0000C05BAE0B} by right-clicking the COM Compatibility node and choosing Add Key.
organisation
the Registry
Exit
As mitigation, the company is urging that customers make a Windows Registry change by following the steps outlined below -
Take a
backup of the Registry
Exit all Microsoft Office applications
Start the Registry Editor
Locate the proper registry subkey -
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\16.0\Common\COM Compatibility\ for 64-bit MSI Office or 32-bit MSI Office on 32-bit Windows
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility\ for 32-bit MSI Office on 64-bit Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Office\16.0\Common\COM Compatibility\ for 64-bit Click2Run Office or 32-bit Click2Run Office on 32-bit Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility\ for 32-bit Click2Run Office on 64-bit Windows
Add a new subkey named {EAB22AC3-30C1-11CF-A7EB-0000C05BAE0B} by right-clicking the COM Compatibility node and choosing Add Key.
organisation
Compatibility\
As mitigation, the company is urging that customers make a Windows Registry change by following the steps outlined below -
Take a
backup of the Registry
Exit all Microsoft Office applications
Start the Registry Editor
Locate the proper registry subkey -
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\16.0\Common\COM Compatibility\ for 64-bit MSI Office or 32-bit MSI Office on 32-bit Windows
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility\ for 32-bit MSI Office on 64-bit Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Office\16.0\Common\COM Compatibility\ for 64-bit Click2Run Office or 32-bit Click2Run Office on 32-bit Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility\ for 32-bit Click2Run Office on 64-bit Windows
Add a new subkey named {EAB22AC3-30C1-11CF-A7EB-0000C05BAE0B} by right-clicking the COM Compatibility node and choosing Add Key.
organisation
MSI Office
As mitigation, the company is urging that customers make a Windows Registry change by following the steps outlined below -
Take a
backup of the Registry
Exit all Microsoft Office applications
Start the Registry Editor
Locate the proper registry subkey -
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\16.0\Common\COM Compatibility\ for 64-bit MSI Office or 32-bit MSI Office on 32-bit Windows
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility\ for 32-bit MSI Office on 64-bit Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Office\16.0\Common\COM Compatibility\ for 64-bit Click2Run Office or 32-bit Click2Run Office on 32-bit Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility\ for 32-bit Click2Run Office on 64-bit Windows
Add a new subkey named {EAB22AC3-30C1-11CF-A7EB-0000C05BAE0B} by right-clicking the COM Compatibility node and choosing Add Key.
organisation
Click2Run Office
As mitigation, the company is urging that customers make a Windows Registry change by following the steps outlined below -
Take a
backup of the Registry
Exit all Microsoft Office applications
Start the Registry Editor
Locate the proper registry subkey -
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\16.0\Common\COM Compatibility\ for 64-bit MSI Office or 32-bit MSI Office on 32-bit Windows
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility\ for 32-bit MSI Office on 64-bit Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Office\16.0\Common\COM Compatibility\ for 64-bit Click2Run Office or 32-bit Click2Run Office on 32-bit Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility\ for 32-bit Click2Run Office on 64-bit Windows
Add a new subkey named {EAB22AC3-30C1-11CF-A7EB-0000C05BAE0B} by right-clicking the COM Compatibility node and choosing Add Key.
organisation
Microsoft
Microsoft releases update to address zero-day vulnerability in Microsoft Office.
Microsoft Releases Patch for Office Zero Day
infrastructure
Microsoft Office 2019
For those running Office 2016 and 2019, it's required to install the following updates -
Microsoft Office 2019 (32-bit edition) - 16.0.10417.20095
Microsoft Office 2019 (64-bit edition) - 16.0.10417.20095
Microsoft Office 2016 (32-bit edition) - 16.0.5539.1001
Microsoft Office 2016 (64-bit edition) - 16.0.5539.1001
infrastructure
Microsoft Office 2016
For those running Office 2016 and 2019, it's required to install the following updates -
Microsoft Office 2019 (32-bit edition) - 16.0.10417.20095
Microsoft Office 2019 (64-bit edition) - 16.0.10417.20095
Microsoft Office 2016 (32-bit edition) - 16.0.5539.1001
Microsoft Office 2016 (64-bit edition) - 16.0.5539.1001
Microsoft confirmed that it detected evidence of exploitation in the wild and urged customers running Microsoft Office 2016 and 2019 to ensure the update is installed to be protected.
infrastructure
16.0.10417
For those running Office 2016 and 2019, it's required to install the following updates -
Microsoft Office 2019 (32-bit edition) - 16.0.10417.20095
Microsoft Office 2019 (64-bit edition) - 16.0.10417.20095
Microsoft Office 2016 (32-bit edition) - 16.0.5539.1001
Microsoft Office 2016 (64-bit edition) - 16.0.5539.1001
infrastructure
16.0.5539
For those running Office 2016 and 2019, it's required to install the following updates -
Microsoft Office 2019 (32-bit edition) - 16.0.10417.20095
Microsoft Office 2019 (64-bit edition) - 16.0.10417.20095
Microsoft Office 2016 (32-bit edition) - 16.0.5539.1001
Microsoft Office 2016 (64-bit edition) - 16.0.5539.1001
organisation
Office
"
Successful exploitation of the flaw relies on an attacker sending a specially crafted Office file and convincing recipients to open it.
To achieve a successful exploit, the attacker must send a user a malicious Office file and convince them to open it, said Microsoft in the advisory.
February 16, 2026
Microsoft released an update to address a zero-day vulnerability in Microsoft Office.
Click on any entity below to view its context and source!
attribution
Known Exploited
The development has prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to
add
the flaw to its Known Exploited Vulnerabilities (
KEV
) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the patches by February 16, 2026.
tactic
T1588.006 - Vulnerabilities
The development has prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to
add
the flaw to its Known Exploited Vulnerabilities (
KEV
) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the patches by February 16, 2026.
attribution
KEV
The development has prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to
add
the flaw to its Known Exploited Vulnerabilities (
KEV
) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the patches by February 16, 2026.
attribution
Federal Civilian Executive Branch
The development has prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to
add
the flaw to its Known Exploited Vulnerabilities (
KEV
) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the patches by February 16, 2026.
attribution
FCEB
The development has prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to
add
the flaw to its Known Exploited Vulnerabilities (
KEV
) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the patches by February 16, 2026.
Tactical Metrics
Metrics
infrastructure
Microsoft Office
Affected Product
Click for context!
Microsoft Office Zero-Day (CVE-2026-21509) - Emergency Patch Issued for Active Exploitation.
Ravie Lakshmanan
Jan 27, 2026
Zero-Day / Vulnerability
Microsoft on Monday issued out-of-band security patches for a high-severity Microsoft Office zero-day vulnerability exploited in attacks.
It has been described as a security feature bypass in Microsoft Office.
"Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally," the tech giant
said
in an advisory.
"This update addresses a vulnerability that bypasses
OLE
mitigations in Microsoft 365 and Microsoft Office, which protect users from vulnerable COM/OLE controls.
As mitigation, the company is urging that customers make a Windows Registry change by following the steps outlined below -
Take a
backup of the Registry
Exit all Microsoft Office applications
Start the Registry Editor
Locate the proper registry subkey -
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\16.0\Common\COM Compatibility\ for 64-bit MSI Office or 32-bit MSI Office on 32-bit Windows
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility\ for 32-bit MSI Office on 64-bit Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Office\16.0\Common\COM Compatibility\ for 64-bit Click2Run Office or 32-bit Click2Run Office on 32-bit Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility\ for 32-bit Click2Run Office on 64-bit Windows
Add a new subkey named {EAB22AC3-30C1-11CF-A7EB-0000C05BAE0B} by right-clicking the COM Compatibility node and choosing Add Key.
Microsoft releases update to address zero-day vulnerability in Microsoft Office.
One of these updates was released to address a vulnerability,
CVE-2026-21509
, affecting Microsoft Office that has been reportedly exploited in the wild.
CVE-2026-21509
was published to address a security feature bypass vulnerability affecting Microsoft Office.
Microsoft reports that this vulnerability cannot be triggered via the Preview Pane in Microsoft Office.
A new high-severity zero-day vulnerability in Microsoft Office has been exploited in the wild, according to Microsoft.
The tech giant released a patch in
a January 26 advisory
for the flaw which has been summarized as an over-reliance on untrusted inputs in a security decision in Microsoft Office that can allow an unauthorized attacker to bypass a security feature locally.
The flaw enables an attacker to bypass object linking and embedding (OLE) mitigations in Microsoft 365 and Microsoft Office which protect users from vulnerable component object model (COM) and OLE controls.
Metrics
infrastructure
Microsoft 365
Affected Product
"This update addresses a vulnerability that bypasses
OLE
mitigations in Microsoft 365 and Microsoft Office, which protect users from vulnerable COM/OLE controls.
The flaw enables an attacker to bypass object linking and embedding (OLE) mitigations in Microsoft 365 and Microsoft Office which protect users from vulnerable component object model (COM) and OLE controls.
It affects several versions of Microsoft Office 2016, 2019, LTSC 2021, LTSC 2024 and Microsoft 365 Apps for Enterprise.
Metrics
infrastructure
Windows
Affected Product
The Windows maker said customers running Office 2021 and later will be automatically protected via a
service-side change
, but will be required to restart their Office applications for this to take effect.
As mitigation, the company is urging that customers make a Windows Registry change by following the steps outlined below -
Take a
backup of the Registry
Exit all Microsoft Office applications
Start the Registry Editor
Locate the proper registry subkey -
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\16.0\Common\COM Compatibility\ for 64-bit MSI Office or 32-bit MSI Office on 32-bit Windows
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility\ for 32-bit MSI Office on 64-bit Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Office\16.0\Common\COM Compatibility\ for 64-bit Click2Run Office or 32-bit Click2Run Office on 32-bit Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility\ for 32-bit Click2Run Office on 64-bit Windows
Add a new subkey named {EAB22AC3-30C1-11CF-A7EB-0000C05BAE0B} by right-clicking the COM Compatibility node and choosing Add Key.
Metrics
infrastructure
Microsoft Office 2019
Affected Product
For those running Office 2016 and 2019, it's required to install the following updates -
Microsoft Office 2019 (32-bit edition) - 16.0.10417.20095
Microsoft Office 2019 (64-bit edition) - 16.0.10417.20095
Microsoft Office 2016 (32-bit edition) - 16.0.5539.1001
Microsoft Office 2016 (64-bit edition) - 16.0.5539.1001
Metrics
infrastructure
Microsoft Office 2016
Affected Product
For those running Office 2016 and 2019, it's required to install the following updates -
Microsoft Office 2019 (32-bit edition) - 16.0.10417.20095
Microsoft Office 2019 (64-bit edition) - 16.0.10417.20095
Microsoft Office 2016 (32-bit edition) - 16.0.5539.1001
Microsoft Office 2016 (64-bit edition) - 16.0.5539.1001
It affects several versions of Microsoft Office 2016, 2019, LTSC 2021, LTSC 2024 and Microsoft 365 Apps for Enterprise.
Microsoft confirmed that it detected evidence of exploitation in the wild and urged customers running Microsoft Office 2016 and 2019 to ensure the update is installed to be protected.
Metrics
infrastructure
16.0.10417
Software Version
For those running Office 2016 and 2019, it's required to install the following updates -
Microsoft Office 2019 (32-bit edition) - 16.0.10417.20095
Microsoft Office 2019 (64-bit edition) - 16.0.10417.20095
Microsoft Office 2016 (32-bit edition) - 16.0.5539.1001
Microsoft Office 2016 (64-bit edition) - 16.0.5539.1001
Metrics
infrastructure
16.0.5539
Software Version
For those running Office 2016 and 2019, it's required to install the following updates -
Microsoft Office 2019 (32-bit edition) - 16.0.10417.20095
Microsoft Office 2019 (64-bit edition) - 16.0.10417.20095
Microsoft Office 2016 (32-bit edition) - 16.0.5539.1001
Microsoft Office 2016 (64-bit edition) - 16.0.5539.1001
Metrics
infrastructure
16.0
Software Version
As mitigation, the company is urging that customers make a Windows Registry change by following the steps outlined below -
Take a
backup of the Registry
Exit all Microsoft Office applications
Start the Registry Editor
Locate the proper registry subkey -
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\16.0\Common\COM Compatibility\ for 64-bit MSI Office or 32-bit MSI Office on 32-bit Windows
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility\ for 32-bit MSI Office on 64-bit Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Office\16.0\Common\COM Compatibility\ for 64-bit Click2Run Office or 32-bit Click2Run Office on 32-bit Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility\ for 32-bit Click2Run Office on 64-bit Windows
Add a new subkey named {EAB22AC3-30C1-11CF-A7EB-0000C05BAE0B} by right-clicking the COM Compatibility node and choosing Add Key.
Intelligence Sources
The Hacker News
2026-01-27
Talos Intelligence
2026-01-29
Infosecurity-Magazine
2026-01-27
Microsoft Releases Patch for Office Zero Day Amid Evidence of Exploitation
Infosecurity-Magazine
Unpublish from Social Media?
Are you sure you want to delete this podcast video from all synchronized social networks (YouTube, Facebook, Threads)?
Important:
Due to Meta API restrictions, Instagram Reels cannot be deleted automatically via API by third-party apps.
View Profile to Delete Manually
View Profile to Delete Manually
Tactical Intelligence
Report Intelligence Issue
Podcast Options
Generate
Incident Version History
CURRENT VERSION
Last Updated: 2026-04-27T06:38
Comprehensive Tactical Telemetry
Highly Correlated Entities
21x
organisation
Identified Entity
Microsoft Office
entity
12x
timeline
Temporal Reference
Jan 27, 2026
date
11x
attribution
Attributing Entity
Microsoft Security Response Center
authority
5x
infrastructure
Affected Product
Microsoft Office
software
3x
infrastructure
Software Version
16.0.10417
version
2x
vulnerability
CVSS Score
8
score
2x
general metric
Bit
32
bit
2x
general metric
Ltsc
2,021
ltsc
Contextual Telemetry
Context Block
7 METRICS
vulnerability
Exploited CVE
CVE-2026-21509
cve
general metric
Microsoft
365
microsoft
general metric
Microsoft Office
2,016
microsoft office
general metric
Exit Registry Editor
400
exit registry editor
general metric
Cve-2026
21,509
cve-2026
tactic
MITRE ATT&CK Technique
T1588.006 - Vulnerabilities
technique
general metric
Score
3
score
Click on any entity below to view its context in the main text!
Selective Unpublish
Selecciona las redes de las que quieres eliminar esta publicación. El sistema intentará borrar el post real de la API y limpiará la base de datos para que puedas volver a lanzarlo.
By navigating this website, you accept the use of strictly necessary technical cookies for session security and basic platform functionality. We do not use tracking or advertising cookies.
Read our Privacy Policy.