SECURITY ALERT: Microsoft Office 0-Day Vulnerability (CVE-2026-21509)

Product / Version includes:

Trend Vision One All

Last updated: 2026/01/27

Solution ID: KA-0022317

Category:

Summary

On Monday, January 26, 2026, Microsoft issued out-of-band (OOB) security patches for a high-severity (CVSS 7.8) security feature bypass 0-Day vulnerability in Microsoft Office that has been reported to be exploited in the wild (ITW).

According to Microsoft's emergency bulletin, customers running Office 2021 are automatically protected via a service-side patch, but Office 2016 and 2019 users will need to apply the OOB patch.

TrendAI Protection and Detection Against Exploitation

It is always recommended that users apply the vendor recommended patches or mitigations listed in their official bulletins. In this case, affected users should apply the OOB patches or the registry mitigations outlined in Microsoft's official bulletin.

Patterns, Models & Signatures

Includes Trend Vision One Endpoint Security, Trend Vision One Server and Workload Security, Trend Micro Deep Security, and all other products that utilize malware file scanning technologies.

In addition to the OOB patched, TrendAI products that utilize different pattern, heuristic, and behavior monitoring detection technology have additional detection and protection against known exploits associated with this vulnerability:

PUA.W97M.CVE202621509.A (pattern)
HS_CVE202621509.SM (heuristic)

TrendAI Research will continue to monitor threats associated with this vulnerability and will update the bulletin as necessary.

Was this article helpful?

Featured

Automation Center

Education Portal

Online Help Center

Service Status

TrendConnect

SECURITY ALERT: Microsoft Office 0-Day Vulnerability (CVE-2026-21509)

TrendAI Protection and Detection Against Exploitation

SECURITY ALERT: Microsoft Office 0-Day Vulnerability (CVE-2026-21509)

Product / Version includes:

Summary

TrendAI Protection and Detection Against Exploitation