The National Information Technology Development Agency (NITDA) has warned Nigerians of an actively exploited Microsoft Office vulnerability, CVE-2026-21509, urging immediate system updates.

Through its Computer Emergency Response Team (CERRT.NG), NITDA highlighted the flaw’s high severity (CVSS score 7.8) and confirmed attacker exploitation via malicious documents.
Vulnerability Details
CVE-2026-21509 affects Office 2016, 2019, Microsoft 365 Apps, Office 2021, LTSC 2024, and later versions, enabling bypass of Object Linking and Embedding (OLE) security controls.
Attackers craft harmful Word, Excel, or PowerPoint files and deliver them via email or untrusted sources; opening such a file triggers malicious code execution without macro prompts.
Microsoft issued emergency out-of-band patches, as exploitation preceded disclosure; attacks are targeted, often by sophisticated actors like APT28.
Mitigation Steps
NITDA and Microsoft recommend:
Installing latest security updates across affected versions.
Restarting Office apps, especially for Office 2021 and later, where automatic updates take effect only after a restart.
Applying registry protections if patching is delayed; enabling endpoint security and email filters.
The Preview Pane is safe, because exploitation requires the document to be fully opened; reinforce user training against suspicious attachments.
Local Impact
As Nigeria advances digital economy goals, NITDA stresses swift action to safeguard businesses, government systems, and individuals from this zero-day threat.