Get the patch now for the latest Office security hole

Office for Mere Mortals
Your beginners guide to the secrets of Microsoft Office
Invalid email address
Tips and help for Word, Excel, PowerPoint and Outlook from Microsoft Office experts.  Give it a try. You can unsubscribe at any time.  Office for Mere Mortals has been running for over 20 years, we've never, ever revealed or sold subscriber details.  Privacy policy

Microsoft has released a patch for the MSHTML security bug that’s being used with Office documents to infect computers.

The bug is in MSHTML, the browser rendering engine used by Microsoft Office. If someone is tricked into opening a hacked Office document with ActiveX control, they could infect their computer with some virus, ransomware or other nasty. It’s officially called CVE-2021-40444 Microsoft MSHTML Remote Code Execution Vulnerability

There’s an increased risk because the infected document can be in the ‘new’ Office document format, most likely .docx.  Many of the infected docs have to be in the older .doc .xls etc formats but not this MSHTML problem.

Microsoft moved quickly to patch this fault because criminals are already using it to attack computers.

What to do

Get the September 2021 security updates, available for all Windows versions from Windows 7, 8, 8.1 and 10 plus Server editions.  There’s also a Sept 2021 update for Windows 11 (still in beta) which (hopefully) has the patch too.

Updates should happen automatically or go to Settings | Windows Update and force an update.  Or the CVE article above has links to individual downloads (scroll to the bottom).

No update to Office is necessary, at least not to patch this particular problem. It’s always a good idea to keep both Windows and Office fully up to date with security fixes.

Latest news & secrets of Microsoft Office

Microsoft Office experts give you tips and help for Word, Excel, PowerPoint and Outlook.

Give it a try. You can unsubscribe at any time.  Office Watch has been running for over 20 years, we've never, ever revealed or sold subscriber details.  Privacy policy
Invalid email address