🟠 High | Source: Microsoft Security Response Center
A remote code execution vulnerability (CVE-2026-45461) has been identified in Microsoft Office for Android. An attacker exploiting this flaw could execute arbitrary code on a victim’s device, potentially leading to full device compromise. Microsoft has released a security update and users should apply it immediately.
Security Architect’s Take: Ensure your mobile device management (MDM) policy enforces automatic updates for Microsoft Office on Android devices, and verify compliance across your fleet via Intune or equivalent tooling. Consider temporarily restricting Office for Android access on unmanaged or non-compliant devices until the patch is confirmed deployed.
Original advisory: CVE-2026-45461 Microsoft Office Remote Code Execution Vulnerability