InfoSecBulletin Cybersecurity for mankind
Microsoft has issued emergency security updates to fix a critical zero-day vulnerability in Microsoft Office that has been actively exploited. The vulnerability, CVE-2026-21509, affects several Office versions: Microsoft Office 2016, 2019, LTSC 2021, LTSC 2024, and Microsoft 365 Apps for Enterprise (the company’s cloud-based subscription service).
“Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally. An attacker must send a user a malicious Office file and convince them to open it,” Microsoft explained.
New Windows Defender ‘RoguePlanet’ zero-day grants SYSTEM privileges
Microsoft June Patches 200 Vulnerabilities including 3 zero days
World’s first wind power underwater data center is now live
VMware Fixed Multiple Flaws Allow Attackers to Inject Malicious Scripts
CVE-2026-50751
Check Point VPN 0-day Flaw Exploited in the WildÂ
AI-designed First ‘universal vaccine’ tested in humans
China Unveils First Prefabricated Data Center Base, Reducing Construction Time by 70%
Hacker now exploits recently patched SolarWinds Serv-U flaw
Cisco SD-WAN Flaw Exploited and Trend Micro Flaws Allows to Security Bypass
Ransomware Crisis Deepens: 4,089 Victims Hit Across 121 Countries in 2026
“This update addresses a vulnerability that bypasses OLE mitigations in Microsoft 365 and Microsoft Office which protect users from vulnerable COM/OLE controls.” “Customers on Office 2021 and later will be automatically protected via a service-side change, but will be required to restart their Office applications for this to take effect,” it added.
Although Office 2016 and 2019 aren’t immediately patched against attacks, Microsoft has provided confusing mitigation measures that could “reduce the severity of exploitation.”
We have attempted to clear this up with our instructions below:
- Close all Microsoft Office applications.
2. Create a backup of the Windows Registry, as incorrectly editing it can cause issues with the operating system.
3. Open the Windows Registry Editor (regedit.exe) by clicking on the Start menu and typing regedit, and then pressing Enter when it appears in the search results.
4. When open, use the address bar at the top to see if one of the following Registry keys exists:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\16.0\Common\COM Compatibility\ (for 64-bit Office, or 32-bit Office on 32-bit Windows)
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility\ (for 32-bit Office on 64-bit Windows)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Office\16.0\Common\COM Compatibility\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility\If one of the above keys does not exist, create a new “COM Compatibility” key under this Registry path by right-clicking on Common and selecting New -> Key.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\16.0\Common\5. Now right-click on the existing or newly created COM Compatibility key and select New -> Key and name it {EAB22AC3-30C1-11CF-A7EB-0000C05BAE0B}.
6. When the new {EAB22AC3-30C1-11CF-A7EB-0000C05BAE0B} is created, right-click on it, select New -> DWORD (32-bit) Value. Name the new value Compatibility Flags.
7. When the Compatibility Flags value is created, double-click on it, make sure the Base option is set to Hexadecimal, and enter 400 in the Value data field.
The flaw will be fixed the next time you open an Office application. Microsoft has not shared who discovered the vulnerability or any details on how it is exploited.
