Microsoft released an emergency security update for a vulnerability known as CVE-2026-21509. This bug allows attackers to bypass Object Linking and Embedding (OLE) security in Microsoft Office. Unlike other bugs, this exploit triggers silently when a user opens a file.

Hackers are currently using this bug. CISA added it to the Known Exploited Vulnerabilities (KEV) catalog, and the deadline to fix it is February 16, 2026.

Error Message and Symptoms

This vulnerability is dangerous because it gives no warning: there is no dialog box, prompt, or error code before the exploit runs. It executes quietly the moment a user opens a malicious Office file, so you cannot rely on users to notice anything wrong.

Why This Security Bypass Occurs

The bug exists because Microsoft Office trusts input it should not when making security decisions. The software does not properly validate certain Component Object Model (COM) or OLE controls before deciding whether to allow them.

When an attacker creates a malicious document, they can manipulate these inputs to skip the security layers that usually block untrusted code. This is a major risk for organizations that handle external documents. Just like when you fix Outlook error 0xc0000409 to stop application crashes, you need these patches to keep your tools safe.

Affected Software Versions

The following versions of Microsoft Office are vulnerable:

  • Microsoft Office 2016 (Specifically 64-bit edition 16.0.5539.1001 and earlier)
  • Microsoft Office 2019
  • Office LTSC 2021
  • Office LTSC 2024
  • Microsoft 365 Apps for Enterprise

Step-by-Step Fix: GUI Method

The best fix is to apply the security updates from Microsoft.

  1. Open any Office application, such as Word or Excel.
  2. Go to File > Account.
  3. Under Update Options, select Update Now.
  4. For Office 2021 and 2024 users: Restart all Office applications once the update finishes to turn on service-side protections.
  5. For Office 2016 and 2019: Make sure your build is 16.0.5539.1001 or higher.

Step-by-Step Fix: Registry Mitigation

If you cannot update every computer immediately, use a registry fix to block the vulnerable COM object. Using PowerShell scripts to deploy these changes is the fastest way to secure your network.

  1. Press Win + R, type regedit, and press Enter.
  2. Go to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\Compatibility
  3. Look for a key named {00000320-0000-0000-C000-000000000046}. If it is not there, right-click Compatibility, select New > Key, and name it exactly as shown.
  4. Inside this key, right-click the right pane and select New > DWORD (32-bit) Value.
  5. Name the value Compatibility Flags.
  6. Double-click it and set the Value data to 400 (make sure Base is set to Hexadecimal).
  7. Restart your Office applications.
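The following PowerShell script is an added example, not code from the article or from Microsoft. It applies the registry mitigation exactly as listed in the steps above (key path, CLSID, value name and hexadecimal 400 are taken from the article) and reports whether the result is in place, so it can be pushed to many machines and its output collected. The build check assumes a Click-to-Run install and reads the Click-to-Run VersionToReport registry value, comparing it against the 16.0.5539.1001 build named in the GUI method; that check is an assumption of this example and is not part of the article's steps. Run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the original article or Microsoft).
# Assumptions: registry path, CLSID and value come from the article's registry steps;
# the Click-to-Run 'VersionToReport' value and minimum build 16.0.5539.1001 are used
# for the build check. Must run elevated because it writes under HKLM.
#Requires -RunAsAdministrator

$KeyPath   = 'HKLM:\SOFTWARE\Microsoft\Ole\Compatibility\{00000320-0000-0000-C000-000000000046}'
$ValueName = 'Compatibility Flags'
$ValueData = 0x400                       # hexadecimal 400, as in the article's step 6
$MinBuild  = [version]'16.0.5539.1001'   # build named in the GUI method

function Get-OfficeBuild {
    # Click-to-Run installs record the reported build here (assumption: C2R install).
    $c2r = 'HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\Configuration'
    $v = (Get-ItemProperty -Path $c2r -Name VersionToReport -ErrorAction SilentlyContinue).VersionToReport
    if ($v) { return [version]$v }
    return $null
}

function Test-OleMitigation {
    # True only when the DWORD exists under the exact key with the exact value.
    $current = (Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
    return ($null -ne $current) -and ($current -eq $ValueData)
}

function Set-OleMitigation {
    # Create the CLSID key if missing, then write the DWORD (idempotent).
    if (-not (Test-Path $KeyPath)) { New-Item -Path $KeyPath -Force | Out-Null }
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord -Value $ValueData -Force | Out-Null
}

# 1. Report the Office build so you know whether the update itself is still needed.
$build = Get-OfficeBuild
if ($build) {
    if ($build -ge $MinBuild) { Write-Host "Office build $build meets $MinBuild." }
    else { Write-Host "Office build $build is below $MinBuild; the security update is still required." }
} else {
    Write-Host 'Could not read a Click-to-Run build; confirm the version under File > Account.'
}

# 2. Apply the registry mitigation if it is not already present, then verify it.
if (Test-OleMitigation) {
    Write-Host 'Registry mitigation already present.'
} else {
    Set-OleMitigation
    if (Test-OleMitigation) { Write-Host 'Registry mitigation applied; restart all Office applications.' }
    else { Write-Warning 'Failed to write the mitigation value; check permissions and the key path.' }
}
```

Test-OleMitigation is written as a separate function so the same script can be run in audit-only mode (call it alone) from an endpoint management tool to confirm coverage across a fleet. Because the mitigation changes how Office treats that COM class, pilot it on a small group before broad deployment, and remove it once every machine has the actual update installed.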

Immediate Workarounds

Applying the update matters most, but these additional measures shrink your attack surface while you roll it out:

  • Block Office files from untrusted email attachments or web downloads.
  • Use Group Policy (GPO) to disable OLE/COM objects if your business does not need them.
  • Keep Microsoft Defender updated to scan for malicious file signatures.
