The National Information Technology Development Agency (NITDA) has issued an urgent cybersecurity warning about a serious Microsoft Office vulnerability (CVE-2026-21509) that attackers are actively exploiting. This advisory, shared through Nigeria’s Computer Emergency Response Team (CERRT.NG), highlights the risks of this flaw and recommends immediate action to protect systems.
Microsoft has released quick security updates to fix this vulnerability, which has a severity score of 7.8, showing it is a serious risk. Attackers have already used it in targeted attacks.
CVE-2026-21509 affects multiple versions of Microsoft Office, including Office 2016, Office 2019, Microsoft 365 Apps, Office 2021, and later versions. This flaw allows attackers to bypass security features meant to stop harmful Object Linking and Embedding (OLE) controls. OLE is an older Microsoft technology that can be used to embed links or content, but it has often been exploited by malware.
By exploiting this flaw, attackers can create specially designed Office documents. When a user opens these documents, they can run malicious code or gain further access to the system. Exploitation requires user interaction, meaning attackers often trick people into opening harmful Word, Excel, or other Office documents. Common methods include using email attachments or files from untrusted sources.
Because Microsoft confirmed that the vulnerability is being actively exploited, they have made emergency security updates available outside their usual schedule. Users and organisations should:
- Install the latest Microsoft Office security updates for all affected versions.
- Restart Office applications for Office 2021 and later to ensure that the updates take effect.
- Use registry-based settings for protection if updates can’t be applied right away.
- Follow good cybersecurity practices, like using endpoint protection and filtering emails.
Microsoft’s updates for Office 2021 and newer versions are automatically applied, but need a restart of the applications to be active.
Why This Matters: Risk of Malware and Network Infiltration
If someone successfully exploits CVE-2026-21509, they can bypass important security protections in Office, leading to:
- Execution of harmful code on systems
- Delivery of malware
- Theft of credentials or data
- Movement within a network to compromise more systems
This risk is especially concerning for organisations using Office for daily tasks, particularly in critical sectors like finance and public services, where breaches can cause more serious problems.
Zero-day vulnerabilities, which are exploited before a vendor has disclosed or fixed them, are very dangerous. Defenders have little time to react when these attacks begin.
Microsoft Office is widely used and often targeted because of its popularity in business processes. Vulnerabilities in Office and its features have been exploited in many high-profile attacks involving ransomware and data theft.
Previous zero-day alerts emphasise the need for quick patch management. Threat actors often use publicly known but unpatched vulnerabilities in their attacks soon after details are disclosed, which increases the risk if organisations delay updates.
Expert Recommendations for Organisations
Cybersecurity experts support NITDA’s advice, highlighting the importance of:
- Quick deployment of patches: Treat critical updates with the same urgency as regular patch cycles.
- User education: Teach staff and users not to open unexpected Office documents to lessen the risk of social engineering attacks.
- Email security: Filter attachments and scan for malicious files to keep harmful documents away from users.
- Endpoint protection: Use modern antivirus and detection tools to safeguard systems.
