High Threat Security Alert (A26-01-21): Vulnerability in Microsoft Office


 

Published on: 27 January 2026

Description:

Microsoft has released security updates and mitigations addressing the vulnerability that affects several products in Microsoft Office. The list of security updates and mitigations can be found at:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21509

Reports indicated that a security restriction bypass vulnerability (CVE-2026-21509) is actively exploited in the wild. Microsoft has released security updates and mitigations to address the issue. System administrators and users are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.

 

Affected Systems:

  • Microsoft 365 Apps for Enterprise for 32-bit Systems, 64-bit Systems
  • Microsoft Office 2016 (32-bit edition), (64-bit edition)
  • Microsoft Office 2019 for 32-bit editions, 64-bit editions
  • Microsoft Office LTSC 2021 for 32-bit editions, 64-bit editions
  • Microsoft Office LTSC 2024 for 32-bit editions, 64-bit editions

 

Impact:

Successful exploitation of the vulnerability could lead to security restriction bypass on an affected system.

 

Recommendation:

Security updates and mitigations for affected products are available from the Windows Update / Microsoft Update Catalog. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21509
  • https://www.hkcert.org/security-bulletin/microsoft-office-security-restriction-bypass-vulnerability_20260127
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21509


Tag: Microsoft , Microsoft 365 Apps , Microsoft Office
Tags