MC1223281 – An updated version of the January 2026 Scan Cab is available

Product:

Windows

Platform:

Online, World tenant

Status:

Change type:

Admin impact

Links:

Details:

IMPORTANT: This notice is only relevant for environments where:
Microsoft Office is used
Scan Cab is used to check for update compliance
The January 2026 Scan Cab was deployed before 2:30 PM PT on January 27, 2026.


An updated version of the January 2026 Scan Cab was made available at 2:30 PM PT on January 27, 2026. This Scan Cab includes new metadata corresponding to new updates for Microsoft Office 2016.


The new security updates for Microsoft Office released January 26, 2026, included additional protections to address CVE-2026-21509. Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally. See the additional information section of this message for details.

Change Category:
XXXXXXX ... free basic plan only

Scope:
XXXXXXX ... free basic plan only

Release Phase:

Created:
2026-01-28

updated:
2026-01-28

Task Type

XXXXXXX ... free basic plan only

Docu to Check

XXXXXXX ... free basic plan only

MS How does it affect me

XXXXXXX ... free basic plan only

MS Preperations

XXXXXXX ... free basic plan only

MS Urgency

XXXXXXX ... free basic plan only

MS workload name

XXXXXXX ... free basic plan only

summary for non-techies**

The updated January 2026 Scan Cab includes crucial updates for Microsoft Office 2016, addressing the security vulnerability CVE-2026-21509, and IT administrators should download it if they did so before 2:30 PM PT on January 27, 2026, to ensure system security.

Direct effects for Operations**

Increased Security Vulnerability
If the updated Scan Cab is not deployed, systems may remain vulnerable to CVE-2026-21509, allowing unauthorized access and potential data breaches.
   - roles: IT Administrators, Security Officers
   - references: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21509, https://support.microsoft.com/help/5002713 " target="_blank" rel="nofollow noopener noreferrer">https://support.microsoft.com/help/5002713

Update Compliance Failure
Failure to deploy the updated Scan Cab may lead to inaccurate update compliance reports, affecting the organization's ability to manage software updates effectively.
   - roles: IT Administrators, Compliance Officers
   - references: https://learn.microsoft.com/windows-server/administration/windows-server-update-services/manage/wsus-and-the-catalog-site, https://techcommunity.microsoft.com/t5/windows-it-pro-blog/announcing-a-smaller-wsus-scan-cab/ba-p/2928256?msclkid=256145ccd0c011ec9266b53af8d0aca1 " target="_blank" rel="nofollow noopener noreferrer">https://techcommunity.microsoft.com/t5/windows-it-pro-blog/announcing-a-smaller-wsus-scan-cab/ba-p/2928256?msclkid=256145ccd0c011ec9266b53af8d0aca1

User Experience Degradation
Users may experience issues with Microsoft Office functionality due to unpatched vulnerabilities, leading to potential disruptions in their work.
   - roles: End Users, IT Support Staff
   - references: https://support.microsoft.com/help/5002713, https://learn.microsoft.com/windows/win32/wua_sdk/using-wua-to-scan-for-updates-offline?tabs=vbscript

Increased IT Support Requests
Failure to update may result in increased support requests from users facing issues with Microsoft Office, straining IT resources.
   - roles: IT Support Staff, Help Desk Personnel
   - references: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/announcing-a-smaller-wsus-scan-cab/ba-p/2928256?msclkid=256145ccd0c011ec9266b53af8d0aca1, https://learn.microsoft.com/windows-server/administration/windows-server-update-services/manage/wsus-and-the-catalog-site " target="_blank" rel="nofollow noopener noreferrer">https://learn.microsoft.com/windows-server/administration/windows-server-update-services/manage/wsus-and-the-catalog-site

Operational Downtime
If the updated Scan Cab is not deployed, critical updates may not be applied, leading to potential operational downtime for users relying on Microsoft Office.
   - roles: IT Administrators, End Users
   - references: https://support.microsoft.com/help/5002713, https://learn.microsoft.com/windows/win32/wua_sdk/using-wua-to-scan-for-updates-offline?tabs=vbscript

Configutation Options**

XXXXXXX ... paid membership only

Opportunities**

XXXXXXX ... free basic plan only

Potentional Risks**

XXXXXXX ... paid membership only

IT Security**

XXXXXXX ... paid membership only

explanation for non-techies**

XXXXXXX ... free basic plan only