Microsoft Office vulnerability

[JW03]

I have received the following information which I am unable to do anything about so I am considering FreeOffice. Can the developers tell me if this is also a problem with FreeOffice? Also would it help to install FreeOffice on a USB?

On 26 January Microsoft released an emergency update for Microsoft Office, resolving CVE-2026-21509, a vulnerability in Office that was found to be exploited in the wild. Microsoft's advisory initially stated that vulnerability details were publicly disclosed, but later reversed that claim. The advisory provided very little information on the vulnerability but it did provide mitigation recommendations for those who can't immediately apply the update.

[Woody44]

What is the nature of the vulnerability?

[martin-k]

Thanks for posting this — the information you received is about a Microsoft Office zero-day that Microsoft patched out-of-band on 26 January 2026: CVE-2026-21509, a “security feature bypass” tied to Office’s OLE/COM protection mechanisms, and it’s been reported as exploited in the wild.

Is this also a problem with FreeOffice?

In general: no — vulnerabilities like CVE-2026-21509 are in Microsoft Office’s own code and components, so FreeOffice is not automatically affected just because it opens DOCX/XLSX/PPTX files. The advisory language and third-party writeups describe this as an Office-specific bypass of Microsoft’s OLE mitigations.

That said, any office suite can be exposed to risks from malicious documents in different ways (e.g., embedded objects, macros/scripts in supported formats, or parser bugs). So the safe guidance is still: treat unexpected Office documents as untrusted, regardless of the suite you use.

Installing on a USB stick would not help, that is: if this were a problem in FreeOffice.