Microsoft has warned about multiple flaws in Windows and Office software that the company says are being actively exploited by hackers. The vulnerabilities, the company says, allow attackers to break into computers through simple actions such as clicking a link or opening a file. Some of the flaws were already being exploited before fixes were available, making them especially risky. Microsoft said details about how the flaws could be abused were made public, which may increase the chances of attacks. The company has released security updates to fix the bugs and has urged users to install them as soon as possible to reduce the risk of system compromise.
Vulnerabilities in Microsoft Windows and Office
The flaws fixed by Microsoft are classified as zero-day vulnerabilities. This means attackers found and used the bugs before Microsoft could release security patches. At least two of the flaws allow one-click attacks, where minimal user action is needed for an attack to succeed.
As explained by Microsoft, some of the vulnerabilities can be triggered when a user clicks a malicious link on a Windows computer. Another flaw can be exploited when a user opens a harmful Microsoft Office file. These attacks can allow hackers to install malware or gain control of a system without further warning.
One of the bugs, tracked as CVE-2026-21510, was found in the Windows shell, which controls parts of the user interface. Microsoft said the issue affects all supported versions of Windows. The flaw allows attackers to bypass the SmartScreen security feature, which normally checks links and files for threats. Security experts said this bug can be used to remotely install malware after a single click.
Browser engine vulnerability
Another flaw, tracked as CVE-2026-21513, was found in MSHTML, a browser engine originally used by Internet Explorer. Although the browser is no longer supported, the engine remains in Windows for older software compatibility. Microsoft said this bug can be used to bypass security protections and install malicious code.
The TOI Tech Desk is a dedicated team of journalists committed to delivering the latest and most relevant news from the world of technology to readers of The Times of India. TOI Tech Desk’s news coverage spans a wide spectrum across gadget launches, gadget reviews, trends, in-depth analysis, exclusive reports and breaking stories that impact technology and the digital universe. Be it how-tos or the latest happenings in AI, cybersecurity, personal gadgets, platforms like WhatsApp, Instagram, Facebook and more; TOI Tech Desk brings the news with accuracy and authenticity.