NITDA warns of active Microsoft Office zero-day flaw
NITDA issued a high-severity alert about CVE-2026-21509, a zero-day flaw in Microsoft Office allowing attackers to bypass OLE protections. The vulnerability (CVSS 7.8) requires opening a crafted document and is actively exploited. Microsoft confirmed fixes for Office 2016/2019 require updates, while 2021+ users must restart apps for service-side protection. Immediate action advised.