office click to run

Microsoft disclosed CVE-2026-35436 on May 12, 2026, as an Important elevation-of-privilege vulnerability in Microsoft Office Click-to-Run that can let a low-privileged local attacker escape a contained execution environment and gain SYSTEM privileges on affected Office installations. That is the...

Microsoft disclosed CVE-2026-40418 on May 12, 2026, as an Important-rated elevation-of-privilege vulnerability in Microsoft Office Click-to-Run, listing it in the May Patch Tuesday security release with no public disclosure or known exploitation at release time and a CVSS base score of 7.8. That...

Microsoft disclosed CVE-2026-40419 on May 12, 2026, as an Important-rated Microsoft Office Click-To-Run elevation-of-privilege vulnerability that stems from a use-after-free flaw and can allow a locally authorized attacker to gain SYSTEM privileges after applying a successful exploit. The...

Microsoft’s security telemetry has flagged a new elevation‑of‑privilege concern tied to Microsoft Office’s Click‑to‑Run (C2R) delivery component: CVE‑2026‑20943. The vulnerability is described in vendor advisories as an elevation‑of‑privilege (EoP) weakness in Click‑to‑Run packaging/service...