A remote code execution vulnerability (CVE-2026-45458) has been identified in Microsoft Outlook and Word for Mac. Microsoft has released security updates to address the flaw, and Mac users running affected versions of these Office applications should apply the patch immediately. Users on other platforms are not affected and no further action is required from them.

Security Architect’s Take: Ensure any Mac endpoints in your organisation running Microsoft Outlook or Word are updated promptly via your MDM solution or patch management tooling — prioritise devices with access to sensitive cloud environments or corporate email, as RCE vulnerabilities in mail and document clients present a significant initial-access risk.

Original advisory: CVE-2026-45458 Microsoft Outlook and Word Remote Code Execution Vulnerability