Microsoft rushes out fix for major Office security bug
Microsoft just dropped an emergency patch for a serious Office and 365 security flaw (CVE-2026-21509) that's already being used by attackers.
US cybersecurity officials are pushing federal agencies to update by February 16, but honestly, anyone using Word, Excel, or PowerPoint should care about this one.
What's the risk?
Hackers can send you a legit-looking document that quietly bypasses Office's usual security checks—no scary macro warnings.
If you open it, they could run code on your computer and get access without you realizing.
How do I stay safe?
If you're on Office 2021 or newer, just restart after updates—you're covered.
If you use Office 2016 (MSI-based), you'll need to install update KB5002713 or tweak a registry setting (details in Microsoft's support page), then restart.
Office 2019 requires updating to build 16.0.10417.20095.
This affects Office on Windows—so double-check your version and patch up soon!