Microsoft has issued new security updates to fix serious flaws in Windows and Office. The company said hackers are already using these flaws in active attacks.
The attacks require very little user action. In most cases, a single click is enough. Hackers can install malware or take control of a computer.
At least two of the vulnerabilities work through harmful links. If a user clicks such a link, the system may be compromised. Another flaw can be triggered by opening a malicious Office file.
These issues are known as zero-day vulnerabilities. This means attackers found them before Microsoft released a fix.
Microsoft warned that technical details about some flaws are now public. This may increase the risk of future attacks. The company did not say where the details were shared.
Security researchers from Google helped identify these issues. Microsoft credited Googleโs Threat Intelligence Group in its reports.
One major flaw is labeled CVE-2026-21510. It exists in the Windows Shell, which controls the system interface. This bug affects all supported Windows versions.
If a user clicks a harmful link, hackers can bypass SmartScreen. SmartScreen normally blocks dangerous files and websites.
Security expert Dustin Childs said this flaw allows remote malware installation. He noted that one-click attacks like this are rare.
A Google spokesperson confirmed the severity of this issue. They described it as widely exploited. They warned that it could lead to ransomware and data theft.
Another flaw, CVE-2026-21513, was found in MSHTML. This is Microsoftโs old browser engine. It still exists for compatibility reasons.
This vulnerability lets hackers bypass system protections. They may gain access and install malicious programs.
Microsoft also fixed three more zero-day issues. These were reported by security journalist Brian Krebs. All were already under active attack.
Microsoft urged users to install updates immediately. Keeping systems updated reduces the risk of compromise.
These patches apply to both personal and business users. Organizations are advised to review their security policies.
Microsoft continues to monitor threats closely. The company said it will release more updates if needed.
Cyber experts say users should avoid unknown links. Opening suspicious files also increases risk.
Microsoft stressed that regular updates are essential. They remain the best defense against cyber threats.
In other news read more about Microsoft Ordered to Stop Tracking Students Online
With more people working online, security remains a top concern. Microsoft aims to protect users from emerging digital risks.
