Use Microsoft Office? Hackers can infect your PC with a malicious document - patch it ASAP

Microsoft issued an emergency patch for a zero-day Office Security Feature Bypass (CVE-2026-21509) that circumvents OLE mitigations, allowing attackers to deliver malicious document attachments and infect systems; the flaw has been observed in the wild, affects multiple Office/Microsoft 365 versions (including Office 2016, 2019, LTSC and Microsoft 365 Apps), and requires manual updates for older Office releases while newer editions receive a server-side fix and restart.