A remote code execution vulnerability (CVE-2026-45458) has been identified in Microsoft Outlook and Word for Mac. Microsoft has released security updates to address the flaw, and Mac users running affected versions of these Office applications should apply the patch immediately. Users on other platforms are not affected and no further action is required from them.

Security Architect’s Take: Ensure any Mac endpoints in your organisation running Microsoft Outlook or Word are updated promptly via your MDM solution or patch management tooling — prioritise devices with access to sensitive cloud environments or corporate email, as RCE vulnerabilities in mail and document clients present a significant initial-access risk.

Original advisory: CVE-2026-45458 Microsoft Outlook and Word Remote Code Execution Vulnerability

A remote code execution vulnerability (CVE-2026-45486) has been identified in Microsoft Word for Mac. An attacker exploiting this flaw could execute arbitrary code on an affected machine, potentially leading to full system compromise. Only users running Microsoft Office for Mac are affected; other Office platforms require no action.

Security Architect’s Take: Ensure all Mac endpoints running Microsoft Office are updated immediately via your MDM or patch management tooling. Validate compliance through your endpoint management platform and consider blocking macro execution or untrusted document sources as an interim control.

Original advisory: CVE-2026-45486 Microsoft Word Remote Code Execution Vulnerability