Office Security
The latest Office Security coverage — news, analysis, and updates from the WindowsNews.AI desk.
Microsoft Patches Excel Flaw CVE-2026-58618 That Could Allow Remote Code Execution via Malicious Files
On July 14, 2026, Microsoft rolled out a critical security fix for a vulnerability in Excel that could let attackers take over your computer just by tricking you into opening a booby-trapped...
High-Severity CVE-2026-55948: Excel Workbook Flaw Demands Quick Patch
Microsoft on July 14, 2026 detailed CVE-2026-55948, a use-after-free vulnerability in Microsoft Office Excel that carries a CVSS 3.1 score of 7.8. An attacker who crafts a malicious workbook can...
Excel Patch for July 2026 Closes Remote Code Execution Hole Exploited via Malicious Files
On July 14, 2026, Microsoft released a security update for Microsoft Excel that fixes a vulnerability allowing attackers to run arbitrary code on a victim’s machine simply by having them open a...
CVE-2026-54988: Microsoft's Excel Update Fixes Data Leak and Crash Flaw
On July 14, Microsoft released a security update for Microsoft Office Excel that patches a memory-read vulnerability rated Medium severity. Despite the modest score, the flaw can crash Excel or cause...
Microsoft Deploys Fix for Excel Heap Overflow That Can Crash Apps and Expose Data
Microsoft shipped a security update on July 14, 2026, that plugs a heap-based buffer overflow in Excel capable of leaking information and abruptly terminating the application when a user opens a...
Microsoft Patches Excel Flaw That Turns a Simple Spreadsheet into a Backdoor
Microsoft issued a security fix on July 14, 2026, for a flaw in Excel that can give attackers full control of a PC when a victim opens a poisoned spreadsheet. The vulnerability, tracked as...
Office 365 Apps Version 2508 Breaks Legacy Web Folders: Block FrontPage RPC by Default
Microsoft 365 Apps for Windows version 2508, released on August 26, 2025, now blocks the FrontPage Remote Procedure Call (FPRPC) protocol by default—a move that will break file-open operations...
Microsoft Office RCE CVE-2026-45461: Why Local Attack Vector Still Means Remote Risk
CVE-2026-45461 landed in Microsoft’s June 9, 2026 Patch Tuesday as a Critical-rated remote code execution vulnerability in Microsoft Office. The flaw, which carries a CVSS v3.1 base score of 9.8,...
CVE-2026-45458: The Outlook and Word RCE That Turns Emails Into Attack Vectors
Microsoft’s security team dropped a critical advisory for CVE-2026-45458 this Patch Tuesday, sending IT admins scrambling to assess the damage. The flaw, rated 8.4 on the CVSS scale, enables remote...
CVE-2026-44817 Excel RCE: Patch Now to Block Zero-Day Risk
Microsoft’s June 2026 Patch Tuesday brought an unwelcome shock for IT administrators worldwide: CVE-2026-44817, an Important-rated remote code execution (RCE) vulnerability in Microsoft Excel....
CERT-In Issues High-Severity Alert: Multiple Microsoft Office Vulnerabilities Enable Code Execution and Data Theft
India’s Computer Emergency Response Team (CERT-In) has issued a high-severity advisory warning that multiple vulnerabilities in Microsoft Office could let attackers execute arbitrary code, steal...
CVE-2026-40361: Microsoft Word Remote Code Execution Vulnerability Demands Immediate Patching
Microsoft has disclosed CVE-2026-40361, a remote code execution vulnerability in Microsoft Word, through its Security Update Guide on May 12, 2026. The advisory carries an urgent tone, starkly...