Microsoft patches actively exploited Office zero-day vulnerability

Information:
Microsoft Office is a suite of applications designed to help with productivity and completing common tasks on a computer. You can create and edit documents containing text and images, work with data in spreadsheets and databases, and create presentations and posters.
Incident:
Microsoft has issued emergency out-of-band security updates to address a high-severity zero-day vulnerability, tracked as CVE-2026-21509, which affects several versions of Microsoft Office including Office 2016, 2019, LTSC 2021, LTSC 2024, and Microsoft 365.
The vulnerability stems from Office relying on untrusted input when making security decisions, which lets an attacker bypass the OLE safeguards that protect users from vulnerable COM/OLE controls.
Exploitation requires user interaction: the attacker must deliver a malicious Office file and trick the user into opening it.
Recommendation:
Users on Microsoft 365 and Office 2021 or later are automatically protected via service-side changes, but they must restart their Office applications for the fix to take effect. For those unable to update immediately, Microsoft has provided a technical workaround consisting of a specific Windows Registry modification that blocks the vulnerable COM controls, while strongly advising users to remain cautious with files from unknown sources.
Security systems remain the priority; continue to monitor them as usual.
For more information, please contact:
Email: sales@inetms.co.th
065 149 2822 (Ms. Suphatson)
063 204 4534 (Ms. Atsamaphorn)
065 929 6330 (Ms. Kansinee)
061 387 9439 (Ms. Sirilak)
092 257 6902 (Ms. Narusorn)
063 197 7510 (Mr. Yanotai)
065 725 7405 (Ms. Nattharini)
065 725 7405 (Ms. Donraya)
Weekly Interesting CVE
| NO. | CVE Name | Published Date | Last Update | Device/Application/OS Target | Attack Type | CVSS | Detail | Solution | Reference |
|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2026-20045 | 21/1/2026 | 22/1/2026 | Cisco Unified Communications | Remote Code Execution | 8.2 | A vulnerability in the web-based management interface of Cisco Unified Communications products allows an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. The flaw is due to improper input validation of HTTP requests. An attacker could gain user-level access and subsequently elevate privileges to root. | | |
| 2 | CVE-2025-59718 | 9/12/2025 | 14/1/2026 | Fortinet | Authentication Bypass | 9.1 | An improper verification of cryptographic signature vulnerability in multiple versions of Fortinet products allows an unauthenticated attacker to bypass FortiCloud SSO login authentication via a crafted SAML response message. | Temporarily disable the FortiCloud login feature or update to the latest version. | https://www.fortinet.com/blog/psirt-blogs/analysis-of-sso-abuse-on-fortios |
| 3 | CVE-2025-0103 | 1/10/2025 | 01/23/2026 | Palo Alto Networks | SQL Injection | 9.2 | An SQL injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. This vulnerability also enables attackers to create and read arbitrary files on the Expedition system. | Update to version 1.2.96 or higher immediately. | |
| 4 | CVE-2026-24635 | 01/23/2026 | 01/23/2026 | WordPress | Filename control | 7.5 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in DevsBlink EduBlink Core (edublink-core) allows PHP Local File Inclusion. | No official fix available | |
| 5 | CVE-2026-21986 | 20/1/2026 | 23/1/2026 | Oracle | Denial of Service (DoS) | 7.1 | Vulnerability in Oracle VM VirtualBox. This easily exploitable vulnerability allows an unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks can result in the unauthorized ability to cause a hang or frequently repeatable crash (complete DoS) of Oracle VM VirtualBox. | Update to the latest version. | https://app.opencve.io/cve/CVE-2026-21986 |
Malware News or Campaign IOC/IOA
| No | Campaign Name | Detection Date | Attack Type | Description | Mitigation/Remediation |
|---|---|---|---|---|---|
| 1 | Konni hackers target blockchain engineers with AI-built malware | 24/01/2026 | Malware | An attack campaign has been identified from the Konni hacker group, which is believed to be linked to North Korea. The group is using AI-generated malware, beginning with the distribution of malicious links embedded with harmful code. After the payload is downloaded, the malware disguises itself as legitimate system-related files or processes to maintain persistence within the system and evade detection. The primary objective of this campaign is to gain access to sensitive information and digital wallets. The attacks are currently focused on the Asia-Pacific region, particularly Japan, Australia, and India, with the potential to expand to additional countries in the future. | |
03 February 2026