Blogs

Microsoft Office Vulnerability (CVE-2026-21509) in Active Exploitation

On January 26, 2026, Microsoft released an out-of-band update to address a high-severity (CVSS score of 7.8) vulnerability affecting multiple Microsoft Office products. This vulnerability, tracked as CVE-2026-21509, is being actively exploited in the wild and has been added to CISA’s Known Exploited Vulnerabilities (KEV) Catalog.

The issue stems from the application’s “reliance on untrusted inputs when making security decisions”, which allows attackers to bypass Object Linking and Embedding (OLE) security mitigations built into Microsoft Office and Microsoft 365. Exploitation requires an attacker to convince a user to open a specially crafted malicious Office file.

Affected software includes Microsoft Office 2016, Microsoft Office 2019, Microsoft Office LTSC 2021, Microsoft Office LTSC 2024, and Microsoft 365 Apps for Enterprise.

Recommended actions

Organizations should identify vulnerable Microsoft Office instances in their environments and apply updates or mitigations as appropriate. Microsoft recommends implementing protections as soon as possible given the active exploitation.

Sophos protections

The following Sophos protections target attempts to exploit this vulnerability and the execution of payloads after successful application.

VDL protection

  • Exp/2621509-A

Sophos XGS Firewall

  • 2312172

Endpoint IPS

  • 2312173
  • 2312176

These rules may provide an indication of attack or of users testing known proofs-of-concept. Users running vulnerable versions of the affected software should continue to follow current upgrade and patching advice. Sophos Intercept X also provides broad behavioral mitigation against common exploitation techniques, including techniques relevant to attempted exploitation of this vulnerability.

Sophos X-Ops continues to monitor the threat landscape for activity related to this vulnerability and will deliver detection and protection updates to Sophos products as needed.

Sophos Counter Threat Unit Research Team. (2026, January 26). Microsoft Office vulnerability (CVE-2026-21509) in active exploitation. Sophos. https://www.sophos.com/en-gb/blog/microsoft-office-vulnerability-cve-2026-21509-in-active-exploitation

More Articles

Top 10 Benefits of BricsCAD V23.2 – Part One

Wordtext Systems, Inc. August 24, 2023

If you use an older version of BricsCAD but want to know more about the latest V23.2 release, stick around. We have plenty of new and improved features and commands for you so let’s get up to speed with BricsCAD

Read More >

New Enhancements to the Sophos AI Assistant

Wordtext Systems, Inc. October 14, 2025

It isn’t just another AI tool — it’s expertise from the team behind the world’s leading MDR service. September 09, 2025 We’re pleased to announce new features to the Sophos AI Assistant, which puts easier case triage and investigation, MDR-grade

Read More >

Why Alert Management Systems Are A Must-Have In Every Company

Wordtext Systems, Inc. October 4, 2022

To conduct daily business operations as efficiently as possible, modern companies must leverage technological tools and systems and invest in the critical IT infrastructure that brings them together. But just like any man-made creation, this infrastructure, and the systems it

Read More >
More Blogs

Talk to Us

Contact us using the information below. We’ll respond promptly to your inquiries and feedback

Phone

+63 2 8858 5555

email

Email

sales@wsiphil.com.ph

Address

WSI Corporate Center 1005 Metropolitan Avenue,
Corner Kakarong, Makati, 1205 Metro Manila

Schedule

8:00am - 5:00pm, Monday - Friday 

				
					/* 

Copy this code on section to modify colors of icons, submit button, hovers 
depends on the webpage theme.

Note: Keep visibility disabled, Do not Edit this

*/

/*Contact Content Icons & Text*/
.contact-iconbox .elementor-icon {
    color: pink;
    fill: pink;
}
.contact-iconbox .elementor-icon:hover{
    color: violet;
     fill:violet ;
}
.contact-iconbox p a, .contact-iconbox p{
    color: pink !important;
}
.contact-iconbox p a:hover, .contact-iconbox p:hover{
    color: violet !important;
}

/*Contact Form*/
.contact-form .elementor-widget-container{
    background:red !important;
}
.contact-form label{
    color: blue;
}
.contact-form .wpforms-submit-container button{
    border-color: pink !important;
    background: pink !important;
}
.contact-form .wpforms-submit-container button:hover{
    background: violet !important;
    border-color: violet !important;
}