Hackers exploit Windows and Office flaws — Microsoft responds with security fixes to protect users worldwide. The company released a Microsoft security patch after reports of active attacks targeting critical Windows and Office vulnerabilities. These updates address zero-day vulnerabilities that allowed hackers to gain unauthorized access and install malware through simple, one-click attacks.
At least two flaws were triggered by a malicious link on Windows systems, while another exploited malicious Office files. Experts from the Google Threat Intelligence Group helped identify these vulnerabilities, now officially logged as CVE-2026-21510 and CVE-2026-21513. Both are considered high-severity bugs, affecting all supported Windows versions.
The Windows Shell vulnerability allowed hackers to bypass the SmartScreen security feature, enabling malware installation and remote code execution. Similarly, the MSHTML engine flaw in older Internet Explorer components posed risks for privilege escalation and potential system compromise. Security researchers, including Dustin Childs, warned that these actively exploited Windows bugs could lead to ransomware deployment or intelligence collection if unpatched.
Microsoft urges users to immediately apply the latest Windows security update and Office patches. Microsoft recommends enabling automatic updates and verifying systems through Patch Tuesday updates. For enterprises, IT administrators should prioritize these fixes to reduce cybersecurity threats and prevent large-scale exploitation.
Regular patching and cautious handling of email links and Office documents remain crucial. Microsoft’s swift response highlights the importance of timely updates to safeguard against critical Windows flaws and ongoing cyberattacks.
