Microsoft Office Zero-Day Actively Exploited: Emergency Patch Released (CVE-2026-21509)
Microsoft released an emergency out-of-band patch for CVE-2026-21509, a zero-day vulnerability being actively exploited across all Office versions. The flaw bypasses OLE security mitigations with no macro warning and no enable content prompt. CISA has set a 16 February deadline. Here is what UK businesses need to do now.