TheRegister's platform is a leading technology news website, offering insights into IT industry news, hardware reviews, and software updates. Through articles, analysis, and opinion pieces, TheRegister offers insights into cybersecurity threats, technology trends, and industry developments. Readers can stay updated with the latest news and analysis from the world of technology and IT business.

The Register

Microsoft released an emergency patch for CVE-2026-21509, a zero-day vulnerability in Office with a CVSS score of 7.8 that's being actively exploited. The security feature bypass flaw allows attackers to circumvent protections against unsafe legacy COM and OLE components through malicious Office files. Updates are available for newer Office versions and Microsoft 365 Apps, but Office 2016 and 2019 users must rely on manual registry workarounds until patches arrive. CISA added the vulnerability to its Known Exploited Vulnerabilities catalog, requiring federal agencies to patch by February 16.

Office zero-day exploited, forces Microsoft OOB patch