Quick summary - click for full details
Concise summary of key highlights
In one line
CERT-In warns of high-severity vulnerabilities in Microsoft Office exposing users to remote attacks.
Key points
• Critical vulnerability detected
CVE-2026-45659, a high-severity flaw in Microsoft Office, risks remote code execution and system compromise due to untrusted data deserialisation.
• Potential attack vectors
Malware-laced documents could bypass Office's security, enabling threat actors to steal personal and financial data from targeted systems.
• Microsoft's response
Microsoft has acknowledged the issue and released an update to patch the vulnerability; users are urged to update immediately.
• Broader security concerns
CERT-In also flagged similar flaws in Microsoft 365 Copilot, including input validation and authentication weaknesses, risking arbitrary code execution.
• User action required
Users must update Microsoft Office via the Word app's Account settings under Product Information to enable and apply the latest security patch.
Key statistics
1.2 billion-plus active users
Microsoft Office user base
More than 3.7 million companies
Global enterprise adoption
June 1989
Office launch date
Processed with AI. Reviewed by DH Digital Team.
Microsoft Office app now available on Google Play for Android phones
Published 03 June 2026, 07:49 IST
