CVE-2026-21514

7.8 HIGH CISA KEV

📋 TL;DR

This vulnerability in Microsoft Office Word allows attackers to bypass local security features by manipulating untrusted inputs. It affects users running vulnerable versions of Microsoft Word on Windows systems. The flaw could enable unauthorized access or privilege escalation on affected systems.

💻 Affected Systems

Products:
  • Microsoft Office Word
  • Microsoft 365 Apps
  • Microsoft Office LTSC
Versions: Specific versions to be confirmed via Microsoft advisory
Operating Systems: Windows 10, Windows 11, Windows Server 2016/2019/2022
Default Config Vulnerable: ⚠️ Yes
Notes: Affects both 32-bit and 64-bit versions. Microsoft 365 auto-updates should mitigate quickly for cloud subscribers.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise through privilege escalation leading to data theft, malware installation, or lateral movement within the network.

🟠 Likely Case: Local privilege escalation allowing attackers to gain higher privileges than intended, potentially accessing sensitive documents or system resources.

🟢 If Mitigated: Limited impact with proper user account controls, application sandboxing, and restricted user privileges in place.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring local access or user interaction with malicious content.
🏢 Internal Only: MEDIUM - Internal users could exploit this if they have local access to vulnerable systems, potentially enabling privilege escalation attacks.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access or user interaction with a malicious Word document. Delivery likely relies on social engineering to get the document opened.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: To be determined from Microsoft's monthly security updates

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514

Restart Required: Yes

Instructions:

1. Open Microsoft Word.
2. Go to File > Account > Update Options > Update Now.
3. Alternatively, use Windows Update: Settings > Update & Security > Windows Update > Check for updates.
4. Install all available Office updates.
5. Restart the computer if prompted.

🔧 Temporary Workarounds

Disable macros and ActiveX (Windows)

Prevent execution of potentially malicious content in Word documents:

  • File > Options > Trust Center > Trust Center Settings > Macro Settings > Disable all macros without notification
  • File > Options > Trust Center > Trust Center Settings > ActiveX Settings > Disable all controls without notification

Use Protected View (Windows)

Force all documents from the internet to open in Protected View:

  • File > Options > Trust Center > Trust Center Settings > Protected View > Enable all Protected View options

🧯 If You Can't Patch

  • Implement application whitelisting to restrict which applications can run
  • Use Microsoft Defender Application Guard for Office to isolate untrusted documents

🔍 How to Verify

Check if Vulnerable:

Check Word version: File > Account > About Word. Compare with Microsoft's patched version list.

Check Version:

winword.exe /? (in command prompt) or check via Control Panel > Programs > Programs and Features

Verify Fix Applied:

Verify Word has updated to latest version and check that Windows Update shows no pending Office updates.

📡 Detection & Monitoring

Log Indicators:

  • Windows Event Logs: Security events showing privilege escalation attempts
  • Office telemetry logs showing abnormal document processing

Network Indicators:

  • Unusual outbound connections from Word process
  • Downloads of suspicious Office templates or documents

SIEM Query:

EventID=4688 AND ParentProcessName="*\WINWORD.EXE" AND (NewProcessName="*\cmd.exe" OR NewProcessName="*\powershell.exe")

The parentheses are required: without them the trailing OR matches every PowerShell launch on the host regardless of the other conditions. Event 4688 records the parent in ParentProcessName (populated on Windows 10 / Server 2016 and later) and the spawned process in NewProcessName, so the two fields must be matched separately.
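The same parent/child logic applied to sample 4688 records, as an added example (not part of the original page and not Microsoft's tooling). It assumes the EventData field names NewProcessName and ParentProcessName, and the set of shell binaries to flag is an assumption to adjust per environment:

```python
import ntpath
from typing import Iterable

# Child binaries flagged when Word is the parent (assumed set; extend for your environment).
SHELL_BINARIES = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe"}
OFFICE_PARENTS = {"winword.exe"}


def _basename(path: str) -> str:
    """Lowercase file name from a Windows path, tolerating forward slashes."""
    return ntpath.basename(path.replace("/", "\\")).lower()


def is_office_spawned_shell(event: dict) -> bool:
    """True for a 4688 event whose parent is Word and whose new process is a shell.

    ParentProcessName is only populated on Windows 10 / Server 2016 and later;
    an event without it is not flagged rather than guessed at.
    """
    if str(event.get("EventID")) != "4688":
        return False
    parent, child = event.get("ParentProcessName"), event.get("NewProcessName")
    if not parent or not child:
        return False
    return _basename(parent) in OFFICE_PARENTS and _basename(child) in SHELL_BINARIES


def find_office_spawned_shells(events: Iterable[dict]) -> list:
    """Return the matching events in their original order."""
    return [e for e in events if is_office_spawned_shell(e)]


# Constructed sample 4688 records (not real telemetry); exactly two should match.
WORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"EventID": 4688, "ParentProcessName": WORD, "NewProcessName": r"C:\Windows\System32\cmd.exe"},
    {"EventID": "4688", "ParentProcessName": WORD, "NewProcessName": PS},
    # PowerShell from Explorer: an unparenthesised OR in a naive query would match this; it must not.
    {"EventID": 4688, "ParentProcessName": r"C:\Windows\explorer.exe", "NewProcessName": PS},
    # Word itself being launched: parent is Explorer, child is not a shell.
    {"EventID": 4688, "ParentProcessName": r"C:\Windows\explorer.exe", "NewProcessName": WORD},
    # Older host without ParentProcessName: cannot attribute, so not flagged.
    {"EventID": 4688, "NewProcessName": r"C:\Windows\System32\cmd.exe"},
]

if __name__ == "__main__":
    for hit in find_office_spawned_shells(SAMPLE_EVENTS):
        print("ALERT: Word spawned", _basename(hit["NewProcessName"]))
```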
