A remote code execution vulnerability (CVE-2026-44820) has been identified in Microsoft Excel for Mac. An attacker exploiting this flaw could execute arbitrary code on an affected machine, potentially leading to full system compromise. Microsoft has released a security update and Mac users running affected versions of Microsoft Office should apply the patch immediately.

Security Architect’s Take: Ensure endpoint management policies enforce prompt installation of the latest Microsoft Office for Mac updates across your organisation — verify compliance via Intune or your MDM solution. If your environment includes Mac-based developer or analyst workstations with access to cloud environments, treat this as elevated priority given the potential for lateral movement post-exploitation.

Original advisory: CVE-2026-44820 Microsoft Excel Remote Code Execution Vulnerability