Microsoft suggests the threat is being used in phishing attacks against vulnerable systems since successful exploitation requires local access to the PC.
Microsoft has released an emergency patch for a vulnerability in the company’s Office programs that’s already being exploited by hackers.
On Monday, the company disclosed the flaw, CVE-2026-21509, which affects Microsoft 365 Apps for Enterprise and Microsoft Office 2019 and 2016, in addition to the Microsoft Office LTSC (Long-Term Service Channel) 2024 and Microsoft Office LTSC 2021.
Microsoft suggests the threat is being used in phishing attacks against vulnerable systems.
