Print - 【Vulnerability Alert】Microsoft Office — Critical Security Feature Bypass Vulnerability (CVE-2026-21509)

【Vulnerability Alert】Microsoft Office — Critical Security Feature Bypass Vulnerability (CVE-2026-21509)

publish date : 2026-01-30 update date : 2026-01-30

Source: Ministry of education information & communication security contingency platform


Publication Number		Publication Time	2026/01/26 00:00
Incident Type	ANA-Vulnerability Alert	Discovery Time	2026/01/26 00:00
Impact Level	High
[Subject] 【Vulnerability Alert】Microsoft Office — Critical Security Feature Bypass Vulnerability (CVE-2026-21509)
[Content] CVE-2026-21509 is a Microsoft Office Security Feature Bypass vulnerability that has been confirmed to be actively exploited in the wild. Attackers can lure users into opening malicious Office documents to bypass built-in Office security protection mechanisms, thereby executing malicious code and posing risks of system compromise and data leakage. This vulnerability has been included by the U.S. CISA in the Known Exploited Vulnerabilities (KEV) Catalog and is classified as a high-risk vulnerability that is actively exploited. It is strongly recommended to complete patching immediately. (Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform] Microsoft Office 2016 Microsoft Office 2019 Office LTSC 2021 Office LTSC 2024 Microsoft 365 Apps for Enterprise
[Recommended Actions] Immediately apply updates. Please promptly install the official security update released by Microsoft on 2026-01-26 and complete a system restart.
[Reference] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21509

(此通報僅在於告知相關資訊，並非為資安事件)
如果您對此通報的內容有疑問或有關於此事件的建議，歡迎與我們連絡。
教育機構資安通報應變小組
網址：https://info.cert.tanet.edu.tw/
專線電話：07-5250211
網路電話：98400000
E-Mail：service@cert.tanet.edu.tw

Organizer: Computer Center