Critical security flaws targeting Windows and Office users allow hackers to take complete control of a victim's computer by clicking a malicious link or opening a file. Patch now.

TechCrunch (TC) is a leading technology news and media site that covers the latest trends, startups, and innovations in the tech industry. With breaking news,  analysis, and expert commentary, TechCrunch provides  insights into the world of technology and entrepreneurship. Developers can learn about emerging technologies, funding opportunities, and market trends by following TechCrunch's coverage of the tech industry.

TechCrunch

Microsoft patched critical zero-day vulnerabilities in Windows and Office that hackers are actively exploiting. The flaws allow attackers to bypass security features and execute malware through one-click attacks—either by tricking users into clicking malicious links or opening infected Office files. CVE-2026-21510 affects all supported Windows versions by bypassing SmartScreen protection, while CVE-2026-21513 exploits the legacy MSHTML browser engine. Google's Threat Intelligence Group confirmed widespread active exploitation with high risk of ransomware deployment and system compromise. Exploit details have been publicly disclosed, increasing attack likelihood.

Microsoft says hackers are exploiting critical zero-day bugs to target Windows and Office users