Advisory on Microsoft Office Zero-Day Vulnerability (CVE-2026-21509)

Published on: January 28, 2026

Overview: 

Microsoft has released an out-of-band emergency security update to address a high-severity zero-day vulnerability in Microsoft Office, tracked as CVE-2026-21509. The vulnerability is actively exploited in the wild and allows attackers to bypass built-in security protections related to OLE/COM controls by convincing users to open a specially crafted Office document. The vulnerability has a CVSS score of 7.8 and is classified as a security feature bypass.

How It Impacts:

If successfully exploited, this vulnerability allows an unauthorized local attacker to bypass Microsoft Office security features designed to protect users from vulnerable COM/OLE controls.

Key impact points:

  • Exploitation requires user interaction (opening a malicious Office file)
  • Preview Pane is not an attack vector
  • Can be used as part of broader attack chains (e.g., malware delivery, lateral movement)
  • Actively exploited in real-world attacks

Who It Impacts: 

This vulnerability affects:

  • Organizations using Microsoft Office 2016 and 2019
  • Users opening Office documents from untrusted or external sources
  • Environments without the latest Office updates or mitigations applied
  • Microsoft 365 and Office 2021+ users receive protection via a service-side change, but must restart Office applications for protection to activate.

Affected and Patched Versions:

Product                                 Architecture  Affected                        Patched Version
Microsoft Office 2019                   32-bit        Yes                             16.0.10417.20095
Microsoft Office 2019                   64-bit        Yes                             16.0.10417.20095
Microsoft Office 2016                   32-bit        Yes                             16.0.5539.1001
Microsoft Office 2016                   64-bit        Yes                             16.0.5539.1001
Microsoft Office 2021+ / Microsoft 365  N/A           Protected via service-side fix  Restart required

CVE Details:

CVE         CVE-2026-21509
Severity    High
CVSS Score  7.8

Mitigation Summary

  • Office 2021 and later:
    These versions are automatically protected through a Microsoft service-side update.
    Action required: Users must restart all Office applications for the protection to take effect.
  • Office 2016 and 2019:
    These versions are not protected by default and require either:
    • Installation of the latest Microsoft security updates, or
    • Application of the registry-based mitigation detailed below for immediate protection.

Registry-Based Mitigation 

Important Notice:
Incorrect changes to the Windows Registry may cause system instability. Please ensure a valid registry backup is taken prior to making any modifications.
Microsoft guidance: https://support.microsoft.com/en-us/help/322756/how-to-back-up-and-restore-the-registry-in-windows

Steps to Apply the Mitigation

  1. Close all Microsoft Office applications.
  2. Open Registry Editor:
    • Press Windows Key + R
    • Type regedit
    • Press Enter
  3. Navigate to the applicable registry path based on your Office installation:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\16.0\Common\COM Compatibility\ (for 64-bit MSI Office, or 32-bit MSI Office on 32-bit Windows) 

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility\ (for 32-bit MSI Office on 64-bit Windows)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Office\16.0\Common\COM Compatibility\ (for 64-bit Click2Run Office, or 32-bit Click2Run Office on 32-bit Windows) 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility\ (for 32-bit Click2Run Office on 64-bit Windows)

Note: If the COM Compatibility key does not exist, create it manually under the Common key.

Create the Following Registry Entry

  4. Under COM Compatibility, create a new subkey: {EAB22AC3-30C1-11CF-A7EB-0000C05BAE0B}

Inside this subkey, create a new value:

  • Name: Compatibility Flags
  • Type: DWORD (32-bit)
  • Value (Hexadecimal): 400

  5. Exit Registry Editor and start your Office application.

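The registry steps above as a script, added here as an example; it is not part of the advisory or of Microsoft's guidance. It assumes an elevated PowerShell session on the affected machine; the parameter names $InstallType and $OfficeBitness and the list of Office process names are choices made for this script, while the registry paths, CLSID and flag value are taken from the advisory.

```powershell
# Added example, not from the advisory: applies the CVE-2026-21509 registry
# mitigation for Office 2016/2019 and reads the value back to verify it.
# Assumptions: run from an elevated PowerShell session; the parameter names
# and the list of Office process names are choices made for this script.
param(
    [ValidateSet('MSI', 'ClickToRun')] [string] $InstallType   = 'MSI',
    [ValidateSet('32', '64')]          [string] $OfficeBitness = '64'
)

# CLSID and flag value exactly as listed in the advisory (400 hex).
$Clsid     = '{EAB22AC3-30C1-11CF-A7EB-0000C05BAE0B}'
$FlagValue = 0x400

# Pick the path the advisory gives for this installation type and bitness:
# 32-bit Office on 64-bit Windows lives under WOW6432Node.
$Wow = if ($OfficeBitness -eq '32' -and [Environment]::Is64BitOperatingSystem) { 'WOW6432Node\' } else { '' }
$Base = if ($InstallType -eq 'ClickToRun') {
    "HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\${Wow}Microsoft\Office\16.0\Common\COM Compatibility"
} else {
    "HKLM:\SOFTWARE\${Wow}Microsoft\Office\16.0\Common\COM Compatibility"
}
$KeyPath = "$Base\$Clsid"

# Step 1 of the advisory: Office applications must be closed first.
$running = Get-Process -Name WINWORD, EXCEL, POWERPNT, OUTLOOK -ErrorAction SilentlyContinue
if ($running) {
    Write-Warning ("Close Office before applying the mitigation: " + ($running.Name -join ', '))
    exit 1
}

# Steps 3-4: create COM Compatibility and the CLSID subkey if missing
# (-Force creates intermediate keys), then write the DWORD value.
if (-not (Test-Path -Path $KeyPath)) {
    New-Item -Path $KeyPath -Force | Out-Null
}
Set-ItemProperty -Path $KeyPath -Name 'Compatibility Flags' -Value $FlagValue -Type DWord

# Verify by reading the value back; a mismatch is reported as an error.
$actual = (Get-ItemProperty -Path $KeyPath -Name 'Compatibility Flags').'Compatibility Flags'
if ($actual -ne $FlagValue) {
    Write-Error ("Verification failed at {0}: expected 0x400, got {1}" -f $KeyPath, $actual)
    exit 1
}
# Step 5 (starting Office) is left to the user once this reports success.
Write-Output ("Mitigation applied at {0} (Compatibility Flags = 0x{1:X})" -f $KeyPath, $actual)
```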

Recommendations: 

  1. Immediately apply security updates:
     • Install the latest patches for Office 2016 and 2019 as listed above.
     • Restart Office applications after patching or service-side updates.
  2. Apply the registry-based mitigation if patching is delayed:
     • Back up the Windows Registry before making changes.
     • Add the specified COM Compatibility registry key and set Compatibility Flags (DWORD, Hexadecimal) = 400.
     • Follow Microsoft’s documented registry paths based on Office installation type (MSI vs Click-to-Run, 32-bit vs 64-bit).
  3. Advise users to avoid opening Office files from unknown or untrusted sources.

Reference Links: