Security News > 2021 > November > Microsoft patches Excel zero-day used in attacks, asks Mac users to wait

During this month's Patch Tuesday, Microsoft has patched an Excel zero-day vulnerability exploited in the wild by threat actors.
Microsoft also patched a second Excel security flaw used during the Tianfu Cup hacking contest last month, a remote code execution bug tracked as CVE-2021-40442 and exploitable by unauthenticated attackers.
Luckily, Microsoft says that the Windows Explorer preview pane is not an attack vector for the two bugs.
While Redmond released security updates for systems running Microsoft 365 Apps for Enterprise and Windows versions of Microsoft Office and Microsoft Excel, it failed to patch the vulnerabilities on macOS. Mac customers running macOS versions of Microsoft Office and Microsoft Excel were told they'd have to wait a little longer for CVE-2021-42292 patches.
"The security update for Microsoft Office 2019 for Mac and Microsoft Office LTSC for Mac 2021 are not immediately available," Microsoft said.
The two bugs were discovered by security researchers with the Microsoft Threat Intelligence Center.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-11-10 | CVE-2021-42292 | Unspecified vulnerability in Microsoft products Microsoft Excel Security Feature Bypass Vulnerability | 0.0 |
2021-11-10 | CVE-2021-40442 | Unspecified vulnerability in Microsoft products Microsoft Excel Remote Code Execution Vulnerability | 0.0 |