Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Microsoft has implemented security updates in Windows and Office, which the company says are being exploited by hackers to break into people’s computers.
Actions are one hit. Two exploits can be used to trick someone into clicking a malicious link on their Windows computer. Another may cause you to open a malicious Office file.
Weaknesses are known as zero daysbecause hackers were exploiting bugs before Microsoft had time to fix them.
Details of how to exploit the bugs have been published, Microsoft said, which could increase the chances of theft. Microsoft did not say where it was published, and a Microsoft spokesperson did not immediately respond when reached by TechCrunch. In its bug reports, Microsoft acknowledged what security researchers in Google’s Threat Intelligence Group discovered about the vulnerability.
Microsoft said that one of these problems, which was officially followed as CVE-2026-21510it was found in the Windows shell, which powers the user interface. The problem affects all supported versions of Windows, the company said. When a victim clicks on a malicious link from their computer, the flaw allows hackers to bypass Microsoft’s SmartScreen feature that can screen malicious links and malware files.
According to defensive tackle Dustin Childsthis error can be misused get rid of the malware on the victim’s computer.
“There is user interaction here, because the customer needs to click on a link or a shortcut file,” Childs wrote on his blog. “However, the error of only one click to get the codes is rare.”
A Google spokesperson confirmed that the Windows shell was being used “in a common, fast way,” and said that successful hacks allow people to not only use malware in a big way, “to carry out the next vulnerability, the deployment of ransomware, or the collection of intelligence.”
Another Windows problem, followed as CVE-2026-21513it was found in Microsoft’s browser engine, MSHTML, which powers its legacy and long-defunct Internet Explorer browser. It is still available in newer versions of Windows to ensure compatibility with older software.
Microsoft said the flaw allows hackers to bypass security features in Windows to plant malware.
According to freelance security reporter Brian Krebs, Microsoft also wrote some three day problems in his programs that were being quickly fed by thieves.
