CVE-2026-45475 is a remote code execution vulnerability affecting Microsoft Office. A successful exploit could allow an attacker to run arbitrary code on a victim’s machine, typically triggered by opening a malicious document. This update is an acknowledgement addition and carries no new technical detail, but the underlying vulnerability remains a concern for organisations reliant on Office productivity tools.

Security Architect’s Take: Ensure Microsoft Office is fully patched across all endpoints, including virtual desktops and cloud-hosted environments such as Azure Virtual Desktop. Verify that your patch management tooling has applied the relevant Office security update and review whether macro execution policies and Protected View are enforced via Group Policy or Microsoft Intune.

Original advisory: CVE-2026-45475 Microsoft Office Remote Code Execution Vulnerability