Office-for-Mac

🟠 High | Source: Microsoft Security Response Center A remote code execution vulnerability (CVE-2026-44818) has been identified in Microsoft Excel for Mac. An attacker who successfully exploits this flaw could execute arbitrary code on a victim’s machine, typically by convincing a user to open a malicious Excel file. Only users running Microsoft Office for Mac are affected; other Office platforms do not require action. Security Architect’s Take: Ensure all macOS endpoints running Microsoft Office are patched immediately via the update released by Microsoft. If you manage a fleet of Macs through Intune or a third-party MDM solution, prioritise deploying this update and validate compliance reporting to confirm coverage before threat actors can weaponise a public proof-of-concept. ...

🟠 High | Source: Microsoft Security Response Center A remote code execution vulnerability (CVE-2026-44819) has been identified in Microsoft Office for Mac, allowing attackers to potentially execute arbitrary code on affected systems. Microsoft has released security updates to address the flaw, and only Mac users running affected Office software need to act. Users on other platforms are not impacted. Security Architect’s Take: Ensure all macOS endpoints running Microsoft Office are patched immediately via your MDM or endpoint management tooling; prioritise any devices with access to cloud environments or sensitive data, and verify compliance through your endpoint detection inventory. ...

🟠 High | Source: Microsoft Security Response Center A remote code execution vulnerability (CVE-2026-45458) has been identified in Microsoft Outlook and Word for Mac. Microsoft has released security updates to address the flaw, and Mac users running affected versions of these Office applications should apply the patch immediately. Users on other platforms are not affected and no further action is required from them. Security Architect’s Take: Ensure any Mac endpoints in your organisation running Microsoft Outlook or Word are updated promptly via your MDM solution or patch management tooling — prioritise devices with access to sensitive cloud environments or corporate email, as RCE vulnerabilities in mail and document clients present a significant initial-access risk. ...