Microsoft patches two critical Office security vulnerabilities

Microsoft has announced fixes for two critical security vulnerabilities in Office. Tracked as CVE-2026-26110 and CVE-2026-26113, the flaws could allow anyone with local access to execute arbitrary code.

Both issues carry base and temporal scores of 8.4 and 7.3, placing them in the critical severity range. Redmond's brief announcements focus on delivering patches to address the risks.

The piece also notes that while Copilot can be ignored or disabled, the author criticizes recent changes to Outlook, saying it has been "slowly turned into a clunky, confusing, feature-fudge mess of a program" that he now uses only begrudgingly and sparingly.

United States, Redmond

microsoft, office, cve-2026-26110, cve-2026-26113, critical vulnerability, arbitrary code, local access, security patch, outlook, copilot