There’s now a fix for a Microsoft Word security bug that has been actively exploited “in the wild”. The flaw could let an attacker run malicious code through a booby-trapped Word document once it is opened, putting unpatched systems at risk. Plus, an important update to a core part of Windows 11 security is rolling out.
The latest monthly dump of security fixes includes patches for about 58 bugs including six ‘zero-day’ vulnerabilities across Microsoft’s products. It’s the usual grab bag of bugs in Windows, Remote Access and other components.
What caught our eye was a Word security bug that is already being exploited ‘in the wild’. If someone can be tricked into opening a malicious Word document (the Preview Pane alone is not enough; the file has to be opened), the bug lets the document’s embedded content slip past Word’s security checks.
The gap circumvents the OLE protections in Microsoft 365 and Microsoft Office that are supposed to block insecure COM/OLE controls.
Or in Microsoft’s deliberately obscure language this bug in Word is described as:
“Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.”
All supported versions of Office are vulnerable and have a fix: Microsoft 365, Office 2024 and Office 2021, plus the LTSC variants.
How to update
Getting this patch is easy and may have already been done automatically.
Go to File | Account | Update Options | Update Now, which downloads and installs any outstanding updates.
Office LTSC for Windows or Mac has separate downloads available; see the list on this Microsoft page.
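For anyone checking more than one machine, the same “Update Now” action can be driven from PowerShell. This is an added example, not code from the article or from Microsoft: it reads the installed Click-to-Run build and channel from the registry, then launches the Click-to-Run client to fetch updates. It assumes a Click-to-Run install (Microsoft 365, Office 2021/2024 or LTSC); an old MSI-based install has no `ClickToRun\Configuration` key and is left alone. The build number to compare against is the one Microsoft lists for your channel in this month’s release notes, which is not reproduced here.

```powershell
# Added example (not from the original article): report the installed
# Click-to-Run Office build and channel, then trigger an update.
# Assumption: a Click-to-Run install (Microsoft 365 / Office 2021 / 2024 / LTSC).
$cfg = 'HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\Configuration'
if (-not (Test-Path $cfg)) {
    Write-Warning 'No Click-to-Run Office found; this is an MSI install, patch it via Windows Update / the MSI route.'
    return
}

$c = Get-ItemProperty -Path $cfg
[pscustomobject]@{
    Build    = $c.VersionToReport   # compare with the patched build for your channel
    Channel  = $c.UpdateChannel     # CDN URL; the GUID tail identifies the channel
    Platform = $c.Platform          # x86 / x64
} | Format-List

# Same action as File | Account | Update Options | Update Now.
# 'displaylevel=false' runs silently; drop it to watch the progress dialog.
# 'forceappshutdown=false' leaves open Office apps alone; set to true for unattended patching.
$client = Join-Path $env:ProgramFiles 'Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe'
if (Test-Path $client) {
    & $client /update user displaylevel=false forceappshutdown=false
} else {
    Write-Warning "OfficeC2RClient.exe not found at $client"
}
```

Run it from an elevated prompt. After the update finishes, re-read `VersionToReport`; if it still shows a build below the one in the release notes, Office is on a channel that has not received the fix yet or the update was blocked by a running Office process.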
Secure Boot update for Windows 11
Windows 11 users should update their systems between now and the middle of 2026 to get fresh root certificates for the computer’s Secure Boot system. This month’s updates begin the replacement of this core piece of security infrastructure.
Secure Boot runs at a computer’s startup and relies on a set of ‘root certificates’ (the Microsoft certificates stored in the firmware’s Secure Boot key database) to check that the boot software hasn’t been tampered with. Certificates can’t last forever: the current ones were issued in 2011 and expire in June 2026 after 15 years of service.
For most people this will happen automatically as part of the regular Windows 11 updates. In some cases, the computer maker will have to supply a firmware update as well.
Newer computers (shipped since 2024) should have included the replacement 2023 certificates already.
Windows 11 computers will keep working after the 2011 certificates expire. Ignore any dire, attention-seeking warnings that suggest otherwise. But, as with any other missed security update, the risk grows as time goes on: a machine that never receives the 2023 certificates can no longer take future Secure Boot security fixes (new boot managers and revocation lists), so it stays exposed to the boot-level attacks those fixes address.
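To see whether a particular PC has already received the 2023 certificates, the Secure Boot variables can be read directly. The following is an added example, not code from the article: it uses the built-in `Confirm-SecureBootUEFI` and `Get-SecureBootUEFI` cmdlets to pull the `db` and `KEK` signature lists and looks for the subject names of the new Microsoft certificates (and the old 2011 one) as plain text inside them. It assumes an elevated PowerShell session on a UEFI machine with Secure Boot on; the certificate names used for matching are the ones Microsoft publishes for the 2023 CAs.

```powershell
# Added example (not from the original article): check whether this PC's
# Secure Boot key store carries the 2023 Microsoft certificates that replace
# the 2011 ones expiring in June 2026. Run from an elevated prompt.
# Assumption: UEFI firmware with Secure Boot enabled; legacy BIOS has nothing to check.
if (-not (Confirm-SecureBootUEFI)) {
    Write-Warning 'Secure Boot is off (or this is a legacy BIOS machine); nothing to check.'
    return
}

function Get-SecureBootVarText {
    param([Parameter(Mandatory)][string]$Name)
    # The variable holds an EFI signature list; the certificates' subject
    # names appear in it as plain ASCII, so a substring match is enough here.
    [System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI -Name $Name).Bytes)
}

$db  = Get-SecureBootVarText -Name 'db'
$kek = Get-SecureBootVarText -Name 'KEK'

$status = [ordered]@{
    'db: Windows UEFI CA 2023 (new Windows boot manager signer)' = $db  -match 'Windows UEFI CA 2023'
    'db: Microsoft UEFI CA 2023 (third-party/Linux shim signer)'  = $db  -match 'Microsoft UEFI CA 2023'
    'db: Microsoft Option ROM UEFI CA 2023'                       = $db  -match 'Microsoft Option ROM UEFI CA 2023'
    'KEK: Microsoft Corporation KEK 2K CA 2023'                   = $kek -match 'Microsoft Corporation KEK 2K CA 2023'
    'db: old Microsoft Windows Production PCA 2011 still present' = $db  -match 'Microsoft Windows Production PCA 2011'
}
[pscustomobject]$status | Format-List

# Overall verdict: the machine is ready for June 2026 once the KEK and the
# Windows UEFI CA 2023 entry are both present.
$ready = ($kek -match 'Microsoft Corporation KEK 2K CA 2023') -and ($db -match 'Windows UEFI CA 2023')
if ($ready) { 'Ready: 2023 certificates installed.' } else { 'Not yet: waiting on Windows Update and/or a firmware update from the PC maker.' }
```

A machine that reports the 2011 certificate present and no 2023 entries is simply one the rollout hasn’t reached yet; the KEK entry in particular can only be added when the firmware accepts Microsoft’s update, which is why some PCs also need a firmware update from the manufacturer.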