Microsoft Patches Office Zero-Day Used in Attacks

Microsoft released a critical security update after attackers exploited a zero-day vulnerability in its Office suite. The flaw, tracked as CVE-2026-21509, allows adversaries to bypass essential security defenses, prompting Microsoft to act swiftly. With this update, Microsoft patches Office against an actively used exploit that poses a real-world risk to users.

Security researchers identified the vulnerability as being targeted in the wild, making it a high-priority threat. The patch addresses not only CVE-2026-21509 but also several additional vulnerabilities: CVE-2026-20045, CVE-2026-23550, and CVE-2024-38021. Each could potentially impact enterprise and individual systems if left unaddressed.

Microsoft urges users to apply the new updates without delay to secure their systems. The release reaffirms how high-profile software remains an attractive target for attackers. As Microsoft patches Office yet again to shield customers, the urgency around rapid patch adoption remains stronger than ever.

Under Attack: Microsoft Patches Office Zero-Day (CVE-2026-21509) Exploited in the Wild