You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
office security updates
About this tag
Discussions tagged with office security updates cover Microsoft's extended security update timeline for Microsoft 365 Apps on Windows 10 through 2028, and specific patch guidance for vulnerabilities like CVE-2026-40367 in Word. Key themes include the strategic use of Office support to encourage Windows 11 migration, and the fragmented nature of Office servicing requiring administrators to install every applicable update package. The tag focuses on practical security update management for Office products across enterprise and consumer environments.
CVE-2026-55123 is a Microsoft PowerPoint code-execution flaw that can be triggered when a user opens a malicious presentation, but it is not directly exploitable across a network connection. Microsoft published the vulnerability on July 14, 2026, with a CVSS 3.1 score of 7.8 and the vector...
Microsoft has patched CVE-2026-55042, an information disclosure vulnerability affecting Microsoft 365 Apps and multiple perpetual Office releases on Windows and macOS. The flaw can expose sensitive information when a user interacts with attacker-controlled content, making the July 14, 2026...
Microsoft has fixed CVE-2026-55140, a Critical-rated Microsoft Office remote code execution vulnerability that can be triggered through the Preview Pane. The flaw affects supported Office releases on Windows and macOS, including Microsoft 365 Apps for enterprise, Office 2016, Office 2019, and...
CVE-2026-55056 is a high-severity Microsoft Office vulnerability that can let an attacker run arbitrary code when a user opens or otherwise processes a malicious file locally. Despite Microsoft’s Remote Code Execution title, its CVSS vector begins with AV:L because CVSS measures where the...
CVE-2026-55058 is a high-severity Microsoft Excel vulnerability that can let an attacker run code after a user opens a malicious file, despite its CVSS attack vector being marked as local. Microsoft published the flaw on July 14, 2026, with a CVSS 3.1 score of 7.8 and included fixes in July’s...
CVE-2026-55037 is an Important-severity Microsoft Excel vulnerability that can let attacker-controlled code run on a victim’s computer after local processing of malicious content. Microsoft’s CVSS vector nevertheless assigns it a Local attack vector, AV:L, because exploitation occurs through...
Microsoft has patched CVE-2026-55054, an information-disclosure vulnerability in Excel that can expose sensitive memory when a user interacts with malicious content. The flaw carries a CVSS 3.1 base score of 6.5 and affects supported editions of Microsoft 365 Apps, Office 2019, Office LTSC...
CVE-2026-55124 is a Microsoft Word information-disclosure vulnerability, not a remote-code-execution flaw, despite an apparently mismatched explanation on Microsoft’s Security Update Guide. The authoritative CVE title, description, and CVSS vector all describe a local attack that exposes...
Microsoft has patched CVE-2026-55046, an Important-rated information disclosure vulnerability in Microsoft Excel, through its July 14, 2026 Office security updates. The flaw can expose sensitive data when a user interacts with malicious content, making prompt deployment advisable on Windows...
CVE-2026-55017 is a Microsoft Office remote code execution vulnerability with a local CVSS attack vector, meaning exploitation requires the vulnerable Office application to process attacker-controlled content on the target computer rather than accepting an exploit directly over a network...
Microsoft says Microsoft 365 Apps on Windows 10 moved out of normal support when Windows 10 reached end of support on October 14, 2025, but Word, Excel, Outlook, PowerPoint, Project, and Visio will continue receiving security updates on Windows 10 until October 10, 2028. The headline is not that...
Customers affected by CVE-2026-40367, a Microsoft Word remote code execution vulnerability addressed in Microsoft’s May 12, 2026 security updates, should install every update package offered for the affected Office or Word software on each system, and Microsoft says applicable packages can be...