Signal

Microsoft issues emergency patch for actively exploited Office zero-day (CVE-2026-21509)


Published 2026-01-27 08:41 UTC · Updated 2026-01-27 20:07 UTC
Tags: microsoft, microsoft_office, zero_day, out_of_band_patch, active_exploitation, security_feature_bypass
Evidence trail (top sources)
Top sources (4 domains). Domains are deduped; counts indicate coverage, not truth.
Microsoft Rushes Emergency Patch for Office Zero-Day
Dark Reading · News · darkreading.com · 2026-01-27 20:07 UTC
Office zero-day exploited in the wild forces Microsoft OOB patch
theregister_security · News · go.theregister.com · 2026-01-27 10:35 UTC
Overview

Microsoft issued an out-of-band update for a high-severity Microsoft Office zero-day tracked as CVE-2026-21509 after confirming active exploitation. Coverage frames the bug as a security feature bypass and highlights practical exploitation paths (system access or persuading a user to open a malicious Office file), with some reporting noting uneven remediation options across Office versions.

  • Score total: 1.57
  • Momentum 24h: 4
  • Posts: 4
  • Origins: 4
  • Source types: 1
  • Duplicate ratio: 0%
Why now
  • Microsoft issued an out-of-band update in response to active exploitation.
  • Multiple outlets flagged CVE-2026-21509 within the same news cycle.
  • Reports emphasize real-world attacks and feasible exploitation conditions.
Why it matters
  • Active exploitation increases urgency for patching and interim mitigations.
  • Security feature bypasses can weaken defensive controls in common Office workflows.
  • Malicious Office files remain a practical delivery path for real-world attacks.
LLM analysis
Topic mix: low · Promo risk: low · Source quality: high
Recurring claims
  • Microsoft released an out-of-band (emergency) patch for an actively exploited Microsoft Office zero-day tracked as CVE-2026-21509.
  • CVE-2026-21509 is described as a security feature bypass in Microsoft Office.
  • One described exploitation path is either having system access or convincing a user to open a malicious Office file.
How sources frame it
  • The Hacker News: neutral
  • SecurityWeek: neutral
  • The Register: neutral
  • Dark Reading: neutral
Convergent reporting across four outlets; keep claims tightly scoped to what each post states.
All evidence
Microsoft Rushes Emergency Patch for Office Zero-Day
Dark Reading · darkreading.com · 2026-01-27 20:07 UTC
Office zero-day exploited in the wild forces Microsoft OOB patch
theregister_security · go.theregister.com · 2026-01-27 10:35 UTC
Microsoft Patches Office Zero-Day Likely Exploited in Targeted Attacks
SecurityWeek · securityweek.com · 2026-01-27 08:41 UTC
Posts loaded: 0 · Publishers: 4 · Origin domains: 4 · Duplicates: -
Top publishers (this list)
  • Dark Reading (1)
  • The Hacker News (1)
  • theregister_security (1)
  • SecurityWeek (1)
Top origin domains (this list)
  • darkreading.com (1)
  • thehackernews.com (1)
  • go.theregister.com (1)
  • securityweek.com (1)