Microsoft 365 Copilot is one of the most popular online productivity services on all platforms worldwide.
With Microsoft 365, users can access any of their files, projects or PowerPoint presentations from any remote location with just an internet connection.
CERT-In flags critical security vulnerabilities in Microsoft 365 Copilot
In one line: CERT-In flags critical security flaws in Microsoft 365 Copilot, risking data breaches and system disruption.
Key points
• Critical vulnerabilities detected: CERT-In identified two critical vulnerabilities (CVE-2026-42827 and CVE-2026-41090) in Microsoft 365 Copilot, including input validation flaws, authentication weaknesses, and command handling issues.
• Potential attack vectors: If exploited, attackers could execute arbitrary code, steal sensitive data, cause denial-of-service attacks, or disrupt cloud services.
• Broader security concerns: Microsoft acknowledged vulnerabilities in multiple products, including Global Secure Access, Entra ID, and Azure services, with updates already rolled out.
• User action required: Users are advised to update Microsoft 365 apps immediately via the Account > Update Options menu to mitigate risks.
Processed with AI. Reviewed by DH Digital Team.
However, it also attracts cyber criminals, who target people to steal personal information such as bank statements, or even a company's trade secrets for ransom. While users are advised to be cautious on the internet, it is also the job of service providers to have strong security to prevent data breaches. But sometimes, unintentional oversights by engineers leave security loopholes in applications.
In the latest instance, two vulnerabilities, CVE-2026-42827 and CVE-2026-41090, deemed critical have been detected in Microsoft 365 Copilot, according to the state-run Indian Computer Emergency Response Team (CERT-In).
CERT-In noted that Microsoft's product has issues with input validation, authentication weaknesses, authorisation issues and command handling flaws.
If the issue is not resolved soon, it can allow attackers to execute arbitrary code, steal sensitive information and cause denial of service on affected systems. There is also a high risk of disruption of cloud services.
Besides Microsoft 365 Copilot, there are security issues in other major products, including Microsoft Global Secure Access (GSA), Microsoft Entra ID, Microsoft Planetary Computer Pro (GeoCatalog), Azure Stack ACI, Resource Managed, Virtual Network Gateway, Privileged Identity Management (PIM), Microsoft Power Pages and Azure Orbital Spatio.
Microsoft has acknowledged the security vulnerabilities in its services and has rolled out updates. Users are advised to update to the latest version.
Here's how to update your Microsoft 365 apps:
Step 1: Open any Microsoft 365 application (such as Word, Excel, or PowerPoint).
Step 2: Click File in the top-left corner, then select Account (or Office Account) from the menu.
Step 3: Under the Product Information section, click Update Options.
Step 4: Select Update Now. (If you don't see this, click Enable Updates first.)
