
CISA Flags Microsoft Office and HPE OneView Vulnerabilities for Active Exploitation

On January 22, 2026, the Cybersecurity and Infrastructure Security Agency (CISA) added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation in the wild. The first vulnerability, identified as CVE-2009-0556 with a CVSS score of 8.8, is a code injection flaw affecting Microsoft Office. This type of vulnerability allows attackers to execute arbitrary code on vulnerable systems, potentially leading to full system compromise. The second vulnerability impacts HPE OneView, a management platform used for HPE servers and storage solutions. Although the specific CVE identifier for the HPE OneView vulnerability is not disclosed in the source article, its inclusion in the KEV catalog indicates ongoing exploitation by threat actors.

The addition of these vulnerabilities to CISA's KEV catalog highlights several critical points for cybersecurity professionals. Firstly, the presence of CVE-2009-0556, a vulnerability from 2009, underscores the persistent risk posed by unpatched or legacy systems. Despite being over a decade old, this vulnerability is still being exploited, emphasizing the importance of comprehensive patch management strategies that include older software versions. Secondly, the HPE OneView vulnerability demonstrates that enterprise management tools are attractive targets for attackers due to their potential for providing broad access to critical infrastructure.

From a technical standpoint, code injection vulnerabilities like CVE-2009-0556 often arise from insufficient input validation or improper handling of malicious data. In the context of Microsoft Office, this could involve specially crafted documents that execute arbitrary code when opened. For HPE OneView, the specifics of the vulnerability are not provided, but management platforms often have vulnerabilities related to authentication bypass, command injection, or improper access controls.

The impact on the cybersecurity landscape is significant. Active exploitation of these vulnerabilities suggests that threat actors are leveraging them in real-world attacks. For organizations using Microsoft Office or HPE OneView, the risk of compromise is heightened, potentially leading to data breaches, lateral movement within networks, or further malicious activities.

Cybersecurity professionals should take immediate action to mitigate these risks. For CVE-2009-0556, applying the latest security updates from Microsoft is critical. Organizations should also consider implementing additional protections such as disabling the execution of macros from untrusted sources and using advanced threat protection solutions. For the HPE OneView vulnerability, organizations should consult HPE's security advisories for patching guidance and consider network segmentation to limit exposure.

In conclusion, the inclusion of these vulnerabilities in CISA's KEV catalog serves as a stark reminder of the dynamic and persistent nature of cyber threats. It highlights the necessity for continuous vigilance, timely patching, and robust security practices to defend against both new and old vulnerabilities. Cybersecurity professionals must prioritize these actions to protect their organizations from evolving threats.
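
The point about patch management covering older software can be made concrete with a triage sketch, added here as an illustration and not taken from CISA or the source article: it shows how an age-based cutoff on scanner findings (an assumed legacy policy) silently drops CVE-2009-0556, and how KEV membership overrides that cutoff. The feed excerpt uses the public KEV JSON field names; the findings, hostnames, the `-EXAMPLE` IDs and the HPE placeholder ID are constructed.

```python
import json
from datetime import date

# Constructed excerpt shaped like CISA's KEV JSON feed. The HPE cveID is a
# placeholder: the page does not give the real identifier.
KEV_FEED = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2009-0556", "vendorProject": "Microsoft", "product": "Office",
   "dateAdded": "2026-01-22"},
  {"cveID": "CVE-XXXX-XXXXX", "vendorProject": "HPE", "product": "OneView",
   "dateAdded": "2026-01-22"}
]}
""")

# Constructed scanner findings; hosts and the *-EXAMPLE IDs are not real.
FINDINGS = [
    {"host": "app-03", "cve": "CVE-2024-EXAMPLE", "cvss": 9.1},
    {"host": "ws-014", "cve": "CVE-2009-0556", "cvss": 8.8},
    {"host": "db-07", "cve": "CVE-2012-EXAMPLE", "cvss": 7.5},
]

def cve_year(cve_id):
    """Year field of a CVE ID, or None when it is not numeric (placeholders)."""
    parts = cve_id.split("-")
    return int(parts[1]) if len(parts) == 3 and parts[1].isdigit() else None

def is_recent(finding, today, max_age_years):
    """Unparseable IDs count as recent so they are never silently dropped."""
    year = cve_year(finding["cve"])
    return year is None or year >= today.year - max_age_years

def naive_queue(findings, today, max_age_years=5):
    """Assumed legacy policy: ignore findings older than the cutoff."""
    return [f for f in findings if is_recent(f, today, max_age_years)]

def kev_aware_queue(findings, kev_feed, today, max_age_years=5):
    """KEV membership overrides the age cutoff and sorts to the front."""
    kev_ids = {v["cveID"] for v in kev_feed["vulnerabilities"]}
    kept = [dict(f, kev=f["cve"] in kev_ids) for f in findings
            if f["cve"] in kev_ids or is_recent(f, today, max_age_years)]
    return sorted(kept, key=lambda f: (not f["kev"], -f["cvss"]))

if __name__ == "__main__":
    today = date(2026, 1, 22)
    print("age filter only:", [f["host"] for f in naive_queue(FINDINGS, today)])
    for f in kev_aware_queue(FINDINGS, KEV_FEED, today):
        print(f["host"], f["cve"], "KEV" if f["kev"] else "backlog")
```

With the age filter alone, the 2009 finding never reaches the patch queue; with the KEV override it is ranked first even though another finding has a higher CVSS score.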