Microsoft Confirms Active Zero-Day Vulnerability: Immediate Action Recommended for Office & Microsoft 365 Users


Microsoft has confirmed an actively exploited zero-day vulnerability impacting Microsoft Office and Microsoft 365 applications. The vulnerability is being tracked and communicated through the Microsoft Security Response Center (MSRC), Microsoft’s official authority for vulnerability disclosures and remediation guidance. 

A zero-day vulnerability is especially dangerous because it is exploited before a permanent fix is fully deployed across all environments. Microsoft has acknowledged active exploitation and is urging organizations to take immediate action. 

Microsoft’s official advisory can be found in the Microsoft Security Update Guide. 

What Microsoft Has Confirmed 

According to Microsoft’s Security Update Guide, the vulnerability affects supported versions of Microsoft Office, including Microsoft 365 Apps. Microsoft has confirmed active exploitation and published guidance designed to reduce exposure while updates and mitigations are applied. 

Microsoft manages this disclosure through its coordinated vulnerability disclosure process. 

Immediate Action for Office & Microsoft 365 Users 

For those of us running Microsoft Office 2021 and above, including M365 Apps, please take the following steps immediately: 

  • Close ALL Office/M365 apps so that they are all closed at the same time
  • Check your system tray to ensure all Office/M365 apps are closed and not just minimized; close anything applicable
  • Once you’ve ensured all your Office/M365 apps are fully closed at the same time, re-open your Office/M365 apps as necessary and continue to work

This step aligns with Microsoft’s interim mitigation guidance and helps ensure security updates and protections are fully applied at the application level. 

Why This Step Matters 

Microsoft notes that certain protections and mitigations may not fully activate until Office applications are completely closed and restarted. Simply minimizing applications or closing them individually may leave components running in the background. 

In active zero-day scenarios, even small gaps like this can increase exposure. 
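
One way to verify the "fully closed" step on a Windows machine, as an added example that is not part of Microsoft's guidance or the original post: the PowerShell below reports Office processes that are still running, including background or tray-only instances with no visible window. The process-name list is an assumption (common Office desktop executables), not a list taken from the advisory.

```powershell
# Added example. Assumed list of common Office desktop process names;
# extend it to match the Office apps deployed in your environment.
$OfficeProcessNames = @(
    'WINWORD', 'EXCEL', 'POWERPNT', 'OUTLOOK', 'ONENOTE', 'ONENOTEM',
    'MSACCESS', 'MSPUB', 'VISIO', 'WINPROJ'
)

function Get-LingeringOfficeProcess {
    # Returns one object per Office process that is still running.
    # HasWindow is $false for instances with no main window, i.e. the
    # background or tray-only processes that closing a window leaves behind.
    # A minimized window still counts as a window (HasWindow = $true).
    Get-Process -Name $OfficeProcessNames -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Name      = $_.ProcessName
                Id        = $_.Id
                HasWindow = $_.MainWindowHandle -ne [IntPtr]::Zero
                Title     = $_.MainWindowTitle
            }
        }
}

function Test-OfficeFullyClosed {
    # Polls until no Office process remains or the timeout expires, so the
    # user has time to close apps. Returns $true only when every listed
    # process is gone at the same moment.
    param([int]$TimeoutSeconds = 30)

    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    do {
        $left = @(Get-LingeringOfficeProcess)
        if ($left.Count -eq 0) { return $true }
        Start-Sleep -Seconds 2
    } while ((Get-Date) -lt $deadline)

    # Show what is still running without polluting the boolean return value.
    $left | Sort-Object Name | Format-Table -AutoSize | Out-Host
    return $false
}

if (Test-OfficeFullyClosed) {
    'All Office/M365 apps are closed; they can be re-opened now.'
} else {
    'Office processes are still running; close them before re-opening.'
}
```

The check only reads process state and closes nothing, so unsaved work is never lost.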

What Else Microsoft Recommends 

Based on Microsoft’s published guidance, organizations should also: 

  • Apply all available Microsoft security updates immediately
    Microsoft posts verified patches and mitigations through the Security Update Guide. 
  • Monitor for suspicious behavior
    Microsoft advises increased vigilance around abnormal authentication attempts, unexpected file behavior, or unusual process activity. 

A Reminder from Microsoft: Speed Matters 

Microsoft emphasizes that zero-day vulnerabilities require urgent response, even if no immediate signs of compromise are present. Waiting for visible impact often means responding too late. 

As Microsoft states through the MSRC, timely patching, proper application restarts, and proactive monitoring are essential to reducing risk during active exploitation events. 

We will continue monitoring Microsoft’s advisories and will share additional updates as Microsoft releases new guidance. 

Need help making sure you’re protected?

Aldridge helps organizations stay ahead of active threats through proactive patching, monitoring, and rapid response when incidents arise. If you’re unsure whether your environment is fully protected, talk to our team today.