CVE-2026-21514
Microsoft · Office Word
A security feature bypass vulnerability in Microsoft Office Word exists because Word relies on untrusted inputs when making a security decision, allowing an unauthorized local attacker to circumvent security protections.
Executive summary
Microsoft Office Word is vulnerable to a high-severity security feature bypass that is currently being exploited in the wild to compromise local systems.
Vulnerability
This flaw stems from Microsoft Word's reliance on untrusted inputs during security decision-making processes. An unauthorized local attacker can exploit this to bypass critical security features, potentially facilitating further exploitation of the host system.
Business impact
A successful bypass of security features can allow attackers to execute restricted actions or deliver additional malware payloads that would otherwise be blocked. Given the CVSS score of 7.8 and its inclusion in the CISA Known Exploited Vulnerabilities (KEV) catalog, this vulnerability represents a significant risk to organizational data confidentiality and system integrity.
Remediation
Immediate Action: Apply the vendor-provided security updates immediately, as this vulnerability is confirmed to be under active exploitation.
Proactive Monitoring: Monitor for suspicious Word process behavior and investigate any instances where security warnings are bypassed or suppressed unexpectedly.
Compensating Controls: Use Endpoint Detection and Response (EDR) tools to identify and block the execution of suspicious child processes spawned by Microsoft Word (WINWORD.EXE).
Exploitation status
Public Exploit Available: false (no public proof-of-concept has been published; this does not contradict the in-the-wild exploitation noted above, which refers to exploit code that is not publicly available)
Analyst recommendation
Because this vulnerability is actively being used by threat actors, the standard patching cycle should be accelerated. IT teams must ensure that all workstations running Microsoft Office Word are updated before the March 2, 2026, deadline to prevent successful local security bypasses.