EMERGENCY UPDATE against Zeroday in MICROSOFT OFFICE

Emergency update against Zeroday in Microsoft Office

Microsoft only releases updates out of turn when there is a fire. This is the case with Office and Microsoft 365 Apps for Enterprise.

What is the issue and which specific application is affected?

Microsoft 365 Apps for Enterprise and the Office versions 2016 (version 16.0.0 to before 16.0.5539.1001), 2019 (16.0.0 to before 16.0.10417.20095), LTSC 2021 and LTSC 2024, in each case the 32-bit and 64-bit versions.

What is the problem?

There is a serious vulnerability in Microsoft 365 and several Office versions that is already being actively exploited. It is sufficient for the victim to open a correspondingly manipulated Office file for the attack to be successful. The vulnerability is listed as CVE-2026-21509 and is classified as "high" with a CVE value of 7.8. Immediate action must be taken against this so-called Zeroday attack.

What needs to be done?

Microsoft has been providing security updates since 26.01.2026 that fix the problem. Please install these updates as soon as possible.

The update for Office 2021 and 2024 will be installed on the server side; users only need to restart their Office applications completely to maintain protection. This must also apply to Microsoft 365 Apps for Enterprise; Microsoft has not yet commented on this and the relevant webpage has not yet been updated.

For Office 2019 installed with wholesale licenses, such as Office Professional Plus 2019, support has expired, but the software company has nevertheless issued an update. To close the security gap, it is necessary to upgrade to version 1808 build 10417.20095. For locally installed Office 2016, there is the update KB5002713, which replaces the update KB5002522 from February 13, 2024. Alternatively, Windows users can manually edit the system registry in the latter two cases.

How do I find out which version I have? And where can I find out about these "updates"?

To find out which version you are using and where the button for Office updates is, here is a short guide: https://ticketsystem.rz.rptu.de/help/de-de/17-microsoft/113-welche-microsoft-office-version-verwende-ich-gerade

How do I start the search for updates?

Depending on the support status, it may be sufficient for end users to restart the Office application completely. However, if you want to check manually whether the updates have already been installed or still need to be installed: Go to your Office application, click on "File" and then on "Account" at the bottom. On the right-hand side under "Product information" you will find the "Office updates" button. If you click on it, you will get a selection - see picture on the right.

Where can I get help if I can't get any further on my own?

Contact your local IT support, the Computing Center support team or the Information Security team. We will be happy to help you!

Message found at https://www.heise.de/news/Notfall-Update-gegen-Zeroday-in-Microsoft-Office-11154976.html