CERT-In Issues Warning on Microsoft Office Vulnerabilities
India's cybersecurity watchdog, the Computer Emergency Response Team (CERT-In), has issued a warning about high-severity vulnerabilities in Microsoft Office that could expose users to remote attacks. These flaws, if exploited, could allow threat actors to execute arbitrary code on targeted systems, potentially compromising sensitive data.
Critical Vulnerability Identified
The most notable vulnerability, tracked as CVE-2026-45659, is a high-severity flaw in Microsoft Office that risks remote code execution and system compromise. This issue arises from the deserialisation of untrusted data, which could be exploited through specially crafted documents. Attackers could bypass Office's security mechanisms by embedding malware in documents, leading to the theft of personal and financial information.
Microsoft's Response and Broader Concerns
Microsoft has acknowledged the vulnerability and released an update to patch it. Users are strongly urged to apply the update immediately to mitigate risks. In addition to CVE-2026-45659, CERT-In flagged similar flaws in Microsoft 365 Copilot, including input validation and authentication weaknesses that could also lead to arbitrary code execution.
Recommended User Actions
To protect against these threats, users should update Microsoft Office promptly. The update can be applied through the Word app's Account settings under Product Information. Ensuring that the latest security patch is installed is critical to safeguarding systems from potential attacks.
Key Statistics
- Active users: Over 1.2 billion people use Microsoft Office worldwide.
- Enterprise adoption: More than 3.7 million companies rely on Microsoft Office globally.
- Legacy: Microsoft Office was first launched in June 1989, marking over three decades of productivity software evolution.
