A remote code execution vulnerability (CVE-2026-45471) has been identified in Microsoft Word, affecting Microsoft Office for Mac users. An attacker who successfully exploits this flaw could execute arbitrary code on a victim’s machine. Microsoft has released security updates and only Mac users running affected Office software need to act.

Security Architect’s Take: Ensure macOS endpoints running Microsoft Office are patched immediately via your MDM or endpoint management tooling; verify compliance through your vulnerability management platform and confirm no affected versions remain in your fleet, particularly on devices with access to cloud-hosted resources or sensitive data.

Original advisory: CVE-2026-45471 Microsoft Word Remote Code Execution Vulnerability