Microsoft has addressed multiple zero-day vulnerabilities in Windows and Office that hackers are actively exploiting. These flaws allow attackers to execute malware with minimal user interaction, primarily through malicious links and files. Security experts warn of a high risk of system compromise and ransomware deployment.

Microsoft released its first security update of 2026, fixing 112 vulnerabilities, including a zero-day in Desktop Window Manager that can leak sensitive information. While this zero-day is actively exploited, attackers need local access to the system to exploit it. Eight vulnerabilities were flagged as likely to be targeted this month.