A remote code execution vulnerability (CVE-2026-45486) has been identified in Microsoft Word for Mac. An attacker exploiting this flaw could execute arbitrary code on an affected machine, potentially leading to full system compromise. Only users running Microsoft Office for Mac are affected; other Office platforms require no action.

Security Architect’s Take: Ensure all Mac endpoints running Microsoft Office are updated immediately via your MDM or patch management tooling. Validate compliance through your endpoint management platform and consider blocking macro execution or untrusted document sources as an interim control.

Original advisory: CVE-2026-45486 Microsoft Word Remote Code Execution Vulnerability