Microsoft says hackers are exploiting critical zero-day bugs to target Windowsand Office users

Microsoft has released fixes for critical zero-day vulnerabilities in Windows and Office that hackers are actively exploiting. These one-click attacks allow unauthorized access and malware installation with minimal user interaction, raising significant security concerns.

Key Points

• Microsoft identified critical zero-day vulnerabilities in Windows and Office being exploited by hackers.
• Exploits are one-click attacks needing minimal user interaction, such as clicking a malicious link.
• At least two vulnerabilities enable malware installation or access to the victim’s computer.
• CVE-2026-21510 affects Windows shell, allowing hackers to bypass SmartScreen security features.
• CVE-2026-21513 is in the MSHTML browser engine, allowing malware installation through security circumvention.
• The vulnerabilities were discovered with the help of Google’s Threat Intelligence Group.
• The publication of exploitation details increases risk of attacks.

Relevance

• Similar zero-day vulnerabilities have historically posed significant risks, as seen in the SolarWinds attack.
• The increase in cyberattacks in recent years has made organizations prioritize cybersecurity measures.
• By 2025, trends indicate a higher focus on zero-trust security architectures, making timely updates crucial.

The ongoing exploitation of zero-day vulnerabilities highlights the urgent need for users to apply security patches and for organizations to enhance their cybersecurity postures, particularly with the evolving threat landscape.