🟠 High | Source: Microsoft Security Response Center
A remote code execution vulnerability (CVE-2026-45474) has been identified in Microsoft Office for Android, allowing an attacker to potentially execute arbitrary code on a target device. Microsoft has released a security update to address the flaw, and affected users must install it to be protected. Unpatched devices running Microsoft Office for Android remain at risk of compromise.
Security Architect’s Take: Ensure your mobile device management (MDM) or MAM policy enforces the latest Microsoft Office for Android update across all managed and BYOD devices; consider blocking access to corporate resources from devices running outdated Office versions until patched.
Original advisory: CVE-2026-45474 Microsoft Office Remote Code Execution Vulnerability