Microsoft—Microsoft issued emergency patches for Office zero-day vulnerability exploited in wild attacks

Jan 27, 2026

Microsoft issued out-of-band security patches for a high-severity Microsoft Office zero-day vulnerability tracked as CVE-2026-21509, with a CVSS score of 7.8 out of 10.0. The vulnerability allows attackers to bypass document security checks and is being actively exploited in the wild via malicious files. The emergency patch was released outside Microsoft's normal Patch Tuesday schedule due to active exploitation.

Scoring Impact

Topic	Direction	Relevance	Contribution
Data Security	-against	primary	-1.00
User Privacy	-against	secondary	-0.50
Overall incident score =			-0.643

Score = avg(topic contributions) × significance (high ×1.5) × confidence (0.57)

Evidence (1 signal)

Confirms Policy Change Jan 27, 2026 documented

Microsoft issued out-of-band patches for CVE-2026-21509 Office vulnerability

Microsoft issued out-of-band security patches for a high-severity Microsoft Office zero-day vulnerability exploited in attacks, tracked as CVE-2026-21509, with a CVSS score of 7.8 out of 10.0. The vulnerability allows attackers to bypass document security checks.

CYFIRMA

Related: Same Topics

Flutterwave · Lost ₦11 billion ($7M+) in security breach as perpetrators illegally transferred funds

Apr 1, 2024

Computacenter · Allegedly fired manager who reported Deutsche Bank security breach

Jul 1, 2023

LY Corporation · Suffered major data breach affecting 520,000 users due to shared infrastructure with Korean parent

Oct 9, 2023

ByteDance · China-based ByteDance employees repeatedly accessed nonpublic data of US TikTok users

Jun 17, 2022

Coinbase · Insider data breach exposed 69,461 customers' sensitive data, costing $355+ million

Dec 26, 2024