Microsoft has released an emergency out-of-band (OOB) security update to address a critical zero-day vulnerability in Microsoft Office. The flaw, identified as CVE-2026-21509, is currently being exploited in the wild and carries a high-severity CVSS score of 7.8/10.
Technical Breakdown: OLE Security Feature Bypass
The vulnerability is classified as a Security Feature Bypass. It stems from improper trust validation within Office, which allows attackers to circumvent OLE (Object Linking and Embedding) protections. These safeguards were originally designed to block malicious interactions from compromised COM/OLE controls.
By bypassing these features, an attacker can execute unauthorized code or plant malware on a victim's system.
