Week 5 – Trusted by Default: Why Microsoft Office Remains a Prime Target

26 Jan – 1 Feb 2026
This week’s CVE of the Week highlights an actively exploited security feature bypass vulnerability in Microsoft Office.
Microsoft Office is an office suite and a family of client software, server software, and services developed by Microsoft.
It’s one of the most widely used productivity suites, relied upon daily by enterprises and individuals for document creation, data processing, and collaboration.
Office remains a high value target for threat actors, especially through phishing and malicious document delivery.
The vulnerability was disclosed in January after Microsoft confirmed active exploitation in the wild and released emergency out-of-band updates.
According to the vendor bulletin, it was identified internally by Microsoft’s Threat Intelligence Center (MSTIC), Microsoft Security Response Center (MSRC), and the Office Product Group Security Team.
This issue is classified as Reliance on Untrusted Inputs in a Security Decision (CWE-807) and has a CVSSv3 score of 7.8 (High).
It impacts multiple supported Office versions, including
- Office 2016,
- Office 2019,
- Office LTSC 2021,
- Office LTSC 2024,
- and Microsoft 365 Apps for Enterprise.
Microsoft noted that the Preview Pane is not an attack vector. Users of Office 2021 and later benefit from automatic service-side protections after restarting their applications, while Office 2016 and 2019 require updates or temporary registry-based mitigations.
The flaw allows a local attacker to bypass Office security protections if they can trick a user into opening a specially crafted Office document, typically delivered through phishing or social engineering. Successful exploitation bypasses Object Linking and Embedding (OLE) mitigations, potentially leading to code execution or further attacks.
Security researchers urge customers running vulnerable versions to update as soon as possible, as reports indicate that this flaw is already being exploited in the wild.
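The attack path above depends on a document carrying OLE content, so a useful triage step is to know which incoming Office files contain OLE objects at all. The following Python is an added example (not code from the bulletin or from Microsoft): it walks the relationship parts of an OOXML package and reports embedded and externally linked OLE objects, distinguishing legacy binary formats that are not zip containers. The relationship URIs are standard OOXML values; the two test documents are constructed in-line and are not real Office files.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OLE_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject"

def find_ole_objects(data: bytes) -> list:
    """Return one record per OLE relationship in any .rels part of an OOXML package."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue
            for rel in ET.fromstring(zf.read(name)).iter(f"{{{REL_NS}}}Relationship"):
                if rel.get("Type") == OLE_REL:
                    findings.append({"part": name, "id": rel.get("Id"),
                                     "target": rel.get("Target"),
                                     # External targets point outside the package (linked objects)
                                     "external": rel.get("TargetMode") == "External"})
    return findings

def triage(data: bytes) -> str:
    """Coarse verdict for prioritising samples; presence of OLE is not proof of malice."""
    try:
        hits = find_ole_objects(data)
    except zipfile.BadZipFile:
        return "not an OOXML package"  # legacy .doc/.xls are OLE2 containers, not zips
    if any(h["external"] for h in hits):
        return "external OLE link(s)"
    return "embedded OLE object(s)" if hits else "no OLE objects"

def build_docx(rels_xml: str) -> bytes:
    """Constructed minimal package for testing (sample input, not a real Office document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        zf.writestr("word/_rels/document.xml.rels", rels_xml)
    return buf.getvalue()

STYLES_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles"
CLEAN_DOCX = build_docx(f'<Relationships xmlns="{REL_NS}">'
    f'<Relationship Id="rId1" Type="{STYLES_REL}" Target="styles.xml"/></Relationships>')
OLE_DOCX = build_docx(f'<Relationships xmlns="{REL_NS}">'
    f'<Relationship Id="rId1" Type="{OLE_REL}" Target="embeddings/oleObject1.bin"/>'
    f'<Relationship Id="rId2" Type="{OLE_REL}" Target="placeholder://linked" TargetMode="External"/>'
    '</Relationships>')

if __name__ == "__main__":
    for label, doc in (("clean", CLEAN_DOCX), ("ole", OLE_DOCX)):
        print(label, triage(doc))
```

This only flags the presence of OLE parts; it does not detect the bypass itself, so flagged files still need the patched version or the vendor's mitigations applied.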
CISA has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.
Details about the issue, the list of affected versions, and additional information about mitigations and patches are available from Microsoft’s Security Response Center:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21509
For more information about the vulnerability, please visit NVD’s site:
https://nvd.nist.gov/vuln/detail/CVE-2026-21509
https://www.tenable.com/cve/CVE-2026-21509

White Hat IT Security is a Europe-based Managed Security Services Provider (MSSP) and proud Microsoft Solution Partner. Its Microsoft-verified managed security solutions (MXDR) reflect their deep expertise and commitment to excellence in cybersecurity. The company was awarded the Partner of the Year Hungary Award by Microsoft in 2024 and 2025.
With the largest incident response capacity in the CEE region, they’re trusted by organizations to deliver fast, effective, and proactive protection. Their portfolio includes penetration testing, vulnerability assessments, managed Cyber Threat Intelligence, as well as Governance, Risk and Compliance (GRC) consulting and specialized security training.
They are committed to supporting professional initiatives that aim to raise cybersecurity awareness and maturity—both for individuals and organizations. They regularly contribute to the community through knowledge sharing, education, and outreach, helping to build a safer digital future for all.