Microsoft says hackers are exploiting critical zero-day bugs to target Windows and Office users

Microsoft has recently taken significant steps to address critical security vulnerabilities affecting its Windows operating system and Office suite. These vulnerabilities have been identified as actively exploited by malicious actors seeking unauthorized access to users’ computers.

Details of the Vulnerabilities

The exploits in question are categorized as one-click attacks, which means that a hacker can infiltrate a victim’s system with minimal user interaction. Specifically, at least two of the identified flaws can be exploited by deceiving users into clicking on a malicious link. Another vulnerability arises when a user opens a compromised Office file.

Known as zero-days, these vulnerabilities were being exploited by hackers before Microsoft had the opportunity to implement fixes. The company has acknowledged that details regarding the exploitation methods have been made public, which could heighten the risk of further attacks. Microsoft did not disclose the sources of this information, and a spokesperson did not immediately comment when approached for clarification.

In its reports, Microsoft recognized the contributions of security researchers from Google’s Threat Intelligence Group in uncovering these vulnerabilities. One of the critical bugs, tracked as CVE-2026-21510, resides in the Windows shell, the component responsible for the operating system’s user interface. This particular bug affects all supported versions of Windows and allows hackers to circumvent Microsoft’s SmartScreen feature, which is designed to screen for malicious links and files.

Security expert Dustin Childs highlighted the implications of this vulnerability, noting that it can be exploited to remotely install malware on a victim’s computer. In his blog, he remarked, “There is user interaction here, as the client needs to click a link or a shortcut file. Still, a one-click bug to gain code execution is a rarity.”

A spokesperson from Google confirmed that the Windows shell bug is under “widespread, active exploitation,” and indicated that successful attacks can lead to the silent execution of malware with elevated privileges. This poses a significant risk, potentially leading to system compromise, ransomware deployment, or intelligence gathering.

Another vulnerability, identified as CVE-2026-21513, has been detected in Microsoft’s proprietary browser engine, MSHTML, which supports the legacy Internet Explorer browser. Although Internet Explorer has been discontinued, this engine remains in newer Windows versions for compatibility with older applications. Microsoft has indicated that this bug also enables hackers to bypass security measures to install malware.

In addition to these vulnerabilities, independent security reporter Brian Krebs has reported that Microsoft has patched three other zero-day bugs in its software, all of which were under active exploitation by cybercriminals.

Winsage