You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve 2026 20943
About this tag
CVE-2026-20943 is a Microsoft Office Click-to-Run elevation of privilege vulnerability addressed in the January 2026 security roll-up. The advisory is confirmed and actionable, though public technical details remain limited. System administrators should prioritize patching Microsoft 365 Apps and other Click-to-Run installations to mitigate the risk. The vulnerability affects the streaming and auto-update model used by most consumer and enterprise subscribers.
Microsoft’s January 2026 security roll‑up includes a newly tracked elevation‑of‑privilege entry — CVE‑2026‑20943 — tied to Microsoft Office Click‑to‑Run (C2R) components, and system administrators should treat the advisory as confirmed and actionable while understanding that public technical...