PatchSiren

PatchSiren cyber security CVE debrief

CVE-2021-42296 Microsoft CVE debrief

A remote code execution vulnerability in Microsoft Word, rated HIGH severity (CVSS 7.8), was disclosed on November 10, 2021. The attack vector is local and user interaction is required: an attacker must convince a victim to open a maliciously crafted document. Successful exploitation has high impact on confidentiality, integrity, and availability. Microsoft released patches and security guidance at the time of disclosure. The CVE record was last modified on May 19, 2026, indicating ongoing curation of affected product configurations.

Vendor: Microsoft
Product: Microsoft 365 Apps for Enterprise
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2021-11-10
Original CVE updated: 2026-05-19
Advisory published: 2021-11-10
Advisory updated: 2026-05-19

Who should care

Organizations running Microsoft 365 Apps for Enterprise or Office LTSC 2021; security teams defending against document-based malware; incident responders investigating suspicious Word document activity.

Technical summary

CVE-2021-42296 is a remote code execution vulnerability in Microsoft Word with a CVSS 3.1 score of 7.8 (HIGH). The attack vector is local and requires user interaction, typically opening a malicious document. The vulnerability is rooted in improper control of code generation (CWE-94). Affected platforms include Microsoft 365 Apps for Enterprise and Office Long Term Servicing Channel 2021 on both x64 and x86 architectures. Microsoft issued patches and vendor advisories concurrent with the November 10, 2021 disclosure. The CVE record received a modification update on May 19, 2026, reflecting continued maintenance of product configuration data.

Defensive priority

HIGH

Recommended defensive actions

  • Apply Microsoft security updates for CVE-2021-42296 released November 2021.
  • Enable Microsoft Office Protected View and Application Guard to reduce attack surface from untrusted documents.
  • Restrict macro execution and block external content in Word documents via Group Policy or cloud security settings.
  • Train users to recognize and avoid opening unexpected or suspicious Word attachments.
  • Monitor for anomalous winword.exe child processes or suspicious document-based payload delivery attempts.

Evidence notes

CVE published 2021-11-10; modified 2026-05-19. CVSS 3.1 vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. Affected products include Microsoft 365 Apps for Enterprise (x64, x86) and Office LTSC 2021 (x64, x86). Weakness classified as CWE-94 (Improper Control of Generation of Code).
