Microsoft has implemented critical updates to address security flaws in Windows and Office, which are reportedly being exploited by cybercriminals to infiltrate users' systems.
These vulnerabilities are categorized as one-click attacks, enabling hackers to deploy malware or access a victim's device with minimal user interaction. At least two vulnerabilities can be triggered by deceiving users into clicking on malicious links, while another can be exploited through the opening of a harmful Office document.
Referred to as zero-days, these vulnerabilities were being exploited before Microsoft had the opportunity to deploy fixes. The company has noted that details on how to exploit these flaws have been made public, heightening the risk of potential attacks.
One notable bug, tracked as CVE-2026-21510, resides in the Windows shell, which is essential for the operating system's user interface. This flaw impacts all supported versions of Windows. When a user clicks a malicious link, it enables hackers to circumvent Microsoft's SmartScreen feature, which typically protects against harmful links and files.
Security expert Dustin Childs highlighted that this vulnerability could be exploited to remotely install malware on a victim's machine. He emphasized that while user interaction is required, the existence of a one-click bug for code execution is quite rare.
A representative from Google confirmed that the Windows shell vulnerability is currently under widespread exploitation, allowing for the covert execution of malware with elevated privileges, which poses a significant risk of system compromise or ransomware deployment.
Another critical flaw, identified as CVE-2026-21513, is located within Microsoft's proprietary browser engine, MSHTML, which supports legacy applications in newer Windows versions. This vulnerability also allows hackers to bypass security measures to install malware.
In addition, independent security journalist Brian Krebs reported that Microsoft has patched three other zero-day vulnerabilities that were actively being targeted by hackers.