Microsoft Office zero-day lets malicious documents slip past security checks
嗯,用户让我帮忙总结一下这篇文章的内容,控制在100个字以内,而且不需要用“文章内容总结”或者“这篇文章”这样的开头。直接写描述就行。 首先,我需要通读整篇文章,抓住主要信息。文章讲的是微软发布了一个紧急补丁,修复了Office中的一个高危零日漏洞。这个漏洞允许攻击者绕过文档的安全检查,通过恶意文件进行攻击。 然后,漏洞的编号是CVE-2026-21509,CVSS评分7.8分。它影响了多个版本的Office软件,包括2016、2019、LTSC 2021、LTSC 2024以及Microsoft 365 Apps。攻击者利用这个漏洞可以绕过OLE缓解措施,运行隐藏代码。 用户需要注意的是,测试绕过安全措施的代码已经公开,所以风险很高。建议用户尽快安装补丁,并采取一些防护措施,比如不打开未经验证的附件、保持宏关闭、使用防病毒软件等。 接下来,我需要把这些信息浓缩到100字以内。要涵盖微软发布补丁、漏洞的严重性、影响范围以及建议措施。 可能的结构是:微软发布紧急补丁修复Office零日漏洞(CVE-2026-21509),该漏洞允许攻击者绕过安全检查并执行恶意代码。受影响版本包括多个Office版本和Microsoft 365 Apps。建议用户立即更新以防范风险。 检查一下字数是否在限制内,并确保信息准确无误。 </think> 微软发布紧急补丁修复Office零日漏洞(CVE-2026-21509),该漏洞允许攻击者绕过安全检查并执行恶意代码。受影响版本包括多个Office版本和Microsoft 365 Apps。建议用户立即更新以防范风险。 2026-1-29 14:53:57 Author: www.malwarebytes.com(查看原文) 阅读量:0 收藏

Microsoft issued an emergency patch for a high-severity zero-day vulnerability in Office that allows attackers to bypass document security checks and is being exploited in the wild via malicious files.

Microsoft pushed the emergency patch for the zero‑day, tracked as CVE-2026-21509, and classified it as a “Microsoft Office Security Feature Bypass Vulnerability” with a CVSS score of 7.8 out of 10.

The flaw allows attackers to bypass Object Linking and Embedding (OLE) mitigations that are designed to block unsafe COM/OLE controls inside Office documents. This means a malicious attachment could infect a PC despite built-in protections.

In a real-life scenario, an attacker creates a fake Word, Excel, or PowerPoint file containing hidden “mini‑programs” or special objects. They can run code and do other things on the affected computer. Normally, Office has safety checks that would block those mini-programs because they’re risky.

However, the vulnerability allows the attacker to tweak the file’s structure and hidden information in a way that tricks Office into thinking the dangerous mini‑program inside the document is harmless. As a result, Office skips the usual security checks and allows the hidden code to run.

As code to test the bypass is publicly available, increasing the risk of exploitation, users are under urgent advice to apply the patch.

Updating Microsoft 365 and Office
Updating Microsoft 365 and Office

How to protect your system

What you need to do depends on which version of Office you’re using.

The affected products include Microsoft Office 2016, 2019, LTSC 2021, LTSC 2024, and Microsoft 365 Apps (both 32‑bit and 64‑bit).

Office 2021 and later are protected via a server‑side change once Office is restarted. To apply it, close all Office apps and restart them.

Office 2016 and 2019 require a manual update. Run Windows Update with the option to update other Microsoft products turned on.

If you’re running build 16.0.10417.20095 or higher, no action is required. You can check your build number by opening any Office app, going to your account page, and selecting About for whichever application you have open. Make sure the build number at the top reads 16.0.10417.20095 or higher.

What always helps:

  • Don’t open unsolicited attachments without verifying them with a trusted sender.
  • Treat all unexpected documents, especially those asking to “enable content” or “enable editing,” as suspicious.
  • Keep macros disabled by default and only allow signed macros from trusted publishers.
  • Use an up-to-date real-time anti-malware solution.
  • Keep your operating system and software fully up to date.

We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

About the author

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.


文章来源: https://www.malwarebytes.com/blog/news/2026/01/microsoft-office-zero-day-lets-malicious-documents-slip-past-security-checks
如有侵权请联系:admin#unsafe.sh