Microsoft has released security updates addressing a remote code execution vulnerability (CVE-2026-45456) affecting Microsoft Outlook and Word on macOS. Attackers exploiting this flaw could potentially execute arbitrary code on affected Mac systems running vulnerable versions of Microsoft Office. Only Mac users are affected; users of other Office platforms do not need to take action.

Security Architect’s Take: Ensure any macOS endpoints in your organisation running Microsoft Outlook or Word are patched immediately via Microsoft AutoUpdate or your MDM solution. Validate patch compliance through your endpoint management tooling, particularly for remote or BYOD Mac users who may not receive updates promptly.

Original advisory: CVE-2026-45456 Microsoft Outlook and Word Remote Code Execution Vulnerability

A remote code execution vulnerability (CVE-2026-45471) has been identified in Microsoft Word, affecting Microsoft Office for Mac users. An attacker who successfully exploits this flaw could execute arbitrary code on a victim’s machine. Microsoft has released security updates and only Mac users running affected Office software need to act.

Security Architect’s Take: Ensure macOS endpoints running Microsoft Office are patched immediately via your MDM or endpoint management tooling; verify compliance through your vulnerability management platform and confirm no affected versions remain in your fleet, particularly on devices with access to cloud-hosted resources or sensitive data.

Original advisory: CVE-2026-45471 Microsoft Word Remote Code Execution Vulnerability

A remote code execution vulnerability (CVE-2026-45643) has been identified in Microsoft Word affecting Mac users running specific versions of Microsoft Office for Mac. An attacker exploiting this flaw could execute arbitrary code on a victim’s machine, potentially leading to full system compromise. Only Mac users of affected Office versions need to act; other platforms are unaffected.

Security Architect’s Take: Ensure your macOS endpoint management tooling (e.g. Intune, Jamf) has deployed the latest Microsoft Office for Mac update across all managed devices promptly. Verify compliance reporting confirms patched versions before considering the risk mitigated.

Original advisory: CVE-2026-45643 Microsoft Word Remote Code Execution Vulnerability

A security vulnerability in Microsoft Word for Mac (CVE-2026-45466) allows information disclosure, potentially exposing sensitive data from affected documents. Microsoft has released security updates for Microsoft Office for Mac to address the issue. Only users running the affected Mac versions of Office need to act; other platforms are unaffected.

Security Architect’s Take: Ensure any managed Mac endpoints running Microsoft Office are updated promptly via your MDM solution or patch management tooling. Verify compliance reporting confirms the patch has been applied across your Mac fleet, particularly for users handling sensitive or confidential documents.

Original advisory: CVE-2026-45466 Microsoft Word Information Disclosure Vulnerability