🟠 High | Source: Microsoft Security Response Center
A remote code execution vulnerability (CVE-2026-45643) has been identified in Microsoft Word affecting Mac users running specific versions of Microsoft Office for Mac. An attacker exploiting this flaw could execute arbitrary code on a victim’s machine, potentially leading to full system compromise. Only Mac users of affected Office versions need to act; other platforms are unaffected.
Security Architect’s Take: Ensure your macOS endpoint management tooling (e.g. Intune, Jamf) has deployed the latest Microsoft Office for Mac update across all managed devices promptly. Verify compliance reporting confirms patched versions before considering the risk mitigated.
Original advisory: CVE-2026-45643 Microsoft Word Remote Code Execution Vulnerability