{"id":38137,"date":"2026-01-29T10:37:15","date_gmt":"2026-01-29T10:37:15","guid":{"rendered":"http:\/\/localhost\/?p=38137"},"modified":"2026-01-29T10:37:15","modified_gmt":"2026-01-29T10:37:15","slug":"microsoft-office-zero-day-lets-malicious-documents-slip-past-security-checks","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=38137","title":{"rendered":"Microsoft Office zero-day lets malicious documents slip past security checks_MALWAREBYTES:32EB5D6622D3570C02DF61BED64EE648"},"content":{"rendered":"

{“lastseen”:”2026-01-29T16:05:13″,”description”:”Microsoft issued an emergency patch for a high-severity zero-day vulnerability in Office that allows attackers to bypass document security checks and is being exploited in the wild via malicious files.\\n\\nMicrosoft pushed the emergency patch for the zero\u2011day, tracked as CVE-2026-21509, and classified it as a \u201cMicrosoft Office Security Feature Bypass Vulnerability\u201d with a CVSS score of 7.8 out of 10.\\n\\nThe flaw allows attackers to bypass Object Linking and Embedding (OLE) mitigations that are designed to block unsafe COM\/OLE controls inside Office documents. This means a malicious attachment could infect a PC despite built-in protections.\\n\\nIn a real-life scenario, an attacker creates a fake Word, Excel, or PowerPoint file containing hidden \u201cmini\u2011programs\u201d or special objects. They can run code and do other things on the affected computer. Normally, Office has safety checks that would block those mini-programs because they\u2019re risky.\\n\\nHowever, the vulnerability allows the attacker to tweak the file’s structure and hidden information in a way that tricks Office into thinking the dangerous mini\u2011program inside the document is harmless. As a result, Office skips the usual security checks and allows the hidden code to run.\\n\\nAs code to test the bypass is publicly available, increasing the risk of exploitation, users are under urgent advice to apply the patch.\\n\\n![Updating Microsoft 365 and Office](https:\/\/www.malwarebytes.com\/wp-content\/uploads\/sites\/2\/2026\/01\/Updating_Word.png)Updating Microsoft 365 and Office\\n\\n## How to protect your system\\n\\nWhat you need to do depends on which version of Office you\u2019re using.\\n\\nThe affected products include Microsoft Office 2016, 2019, LTSC 2021, LTSC 2024, and Microsoft 365 Apps (both 32\u2011bit and 64\u2011bit).\\n\\n**Office 2021 and later** are protected via a server\u2011side change once Office is restarted. To apply it, close all Office apps and restart them.\\n\\n**Office 2016 and 2019** require a manual update. Run Windows Update with the option to update other Microsoft products turned on.\\n\\nIf you\u2019re running **build 16.0.10417.20095 or higher** , no action is required. You can check your build number by opening any Office app, going to your account page, and selecting **About** for whichever application you have open. Make sure the build number at the top reads 16.0.10417.20095 or higher.\\n\\n**What always helps:**\\n\\n * Don\u2019t open unsolicited attachments without verifying them with a trusted sender. \\n * Treat all unexpected documents, especially those asking to \u201cenable content\u201d or \u201cenable editing,\u201d as suspicious.\\n * Keep macros disabled by default and only allow signed macros from trusted publishers.\\n * Use an up-to-date real-time anti-malware solution.\\n * Keep your operating system and software fully up to date.\\n\\n\\n\\n* * *\\n\\n**We don\u2019t just report on threats\u2014we remove them**\\n\\nCybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.”,”published”:”2026-01-29T14:53:57″,”modified”:”2026-01-29T14:53:57″,”type”:”malwarebytes”,”title”:”Microsoft Office zero-day lets malicious documents slip past security checks”,”source”:””,”references”:””,”id”:”MALWAREBYTES:32EB5D6622D3570C02DF61BED64EE648″,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[“CVE-2026-21509″],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:7.8,”severity”:”HIGH”,”vector”:”CVSS:3.1\/AV:L\/AC:L\/PR:N\/UI:R\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.malwarebytes.com\/blog\/news\/2026\/01\/microsoft-office-zero-day-lets-malicious-documents-slip-past-security-checks”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2026-01-29T16:05:13″,”description”:”Microsoft issued an emergency patch for a high-severity zero-day vulnerability in Office that allows attackers to bypass document security checks and is being exploited in…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,28,12,15,115,13,7,11,5],"class_list":["post-38137","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-cvss-78","tag-exploit","tag-high","tag-malwarebytes","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\nMicrosoft Office zero-day lets malicious documents slip past security checks_MALWAREBYTES:32EB5D6622D3570C02DF61BED64EE648 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=38137\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Microsoft Office zero-day lets malicious documents slip past security checks_MALWAREBYTES:32EB5D6622D3570C02DF61BED64EE648 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2026-01-29T16:05:13″,”description”:”Microsoft issued an emergency patch for a high-severity zero-day vulnerability in Office that allows attackers to bypass document security checks and is being exploited in...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=38137\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2026-01-29T10:37:15+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=38137#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=38137\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"Microsoft Office zero-day lets malicious documents slip past security checks_MALWAREBYTES:32EB5D6622D3570C02DF61BED64EE648\",\"datePublished\":\"2026-01-29T10:37:15+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=38137\"},\"wordCount\":616,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-7.8\",\"exploit\",\"HIGH\",\"malwarebytes\",\"news\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_news\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=38137#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=38137\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=38137\",\"name\":\"Microsoft Office zero-day lets malicious documents slip past security checks_MALWAREBYTES:32EB5D6622D3570C02DF61BED64EE648 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2026-01-29T10:37:15+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=38137#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=38137\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=38137#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Microsoft Office zero-day lets malicious documents slip past security checks_MALWAREBYTES:32EB5D6622D3570C02DF61BED64EE648\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Microsoft Office zero-day lets malicious documents slip past security checks_MALWAREBYTES:32EB5D6622D3570C02DF61BED64EE648 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=38137","og_locale":"en_US","og_type":"article","og_title":"Microsoft Office zero-day lets malicious documents slip past security checks_MALWAREBYTES:32EB5D6622D3570C02DF61BED64EE648 - zero redgem","og_description":"{“lastseen”:”2026-01-29T16:05:13″,”description”:”Microsoft issued an emergency patch for a high-severity zero-day vulnerability in Office that allows attackers to bypass document security checks and is being exploited in...","og_url":"https:\/\/zero.redgem.net\/?p=38137","og_site_name":"zero redgem","article_published_time":"2026-01-29T10:37:15+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=38137#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=38137"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"Microsoft Office zero-day lets malicious documents slip past security checks_MALWAREBYTES:32EB5D6622D3570C02DF61BED64EE648","datePublished":"2026-01-29T10:37:15+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=38137"},"wordCount":616,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-7.8","exploit","HIGH","malwarebytes","news","Security","tapic","Vulnerability"],"articleSection":["category_news"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=38137#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=38137","url":"https:\/\/zero.redgem.net\/?p=38137","name":"Microsoft Office zero-day lets malicious documents slip past security checks_MALWAREBYTES:32EB5D6622D3570C02DF61BED64EE648 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2026-01-29T10:37:15+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=38137#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=38137"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=38137#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"Microsoft Office zero-day lets malicious documents slip past security checks_MALWAREBYTES:32EB5D6622D3570C02DF61BED64EE648"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/38137","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=38137"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/38137\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=38137"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=38137"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=38137"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}