Microsoft has released security updates addressing a remote code execution vulnerability (CVE-2026-45456) affecting Microsoft Outlook and Word on macOS. Attackers exploiting this flaw could potentially execute arbitrary code on affected Mac systems running vulnerable versions of Microsoft Office. Only Mac users are affected; users of other Office platforms do not need to take action.

Security Architect’s Take: Ensure any macOS endpoints in your organisation running Microsoft Outlook or Word are patched immediately via Microsoft AutoUpdate or your MDM solution. Validate patch compliance through your endpoint management tooling, particularly for remote or BYOD Mac users who may not receive updates promptly.

Original advisory: CVE-2026-45456 Microsoft Outlook and Word Remote Code Execution Vulnerability