Since its launch in June 1989, the Microsoft Office app has remained the most popular productivity tool on all platforms, including iOS, Android and Windows, worldwide.
More than 3.7 million companies around the world subscribe to it, and it has an active user base of 1.2 billion-plus.
CERT-In flags security vulnerabilities in Microsoft Office app
In one line: CERT-In warns of high-severity vulnerabilities in Microsoft Office exposing users to remote attacks.
Key points
• Critical vulnerability detected: CVE-2026-45659, a high-severity flaw in Microsoft Office, risks remote code execution and system compromise due to untrusted data deserialisation.
• Potential attack vectors: Malware-laced documents could bypass Office's security, enabling threat actors to steal personal and financial data from targeted systems.
• Microsoft's response: Microsoft has acknowledged the issue and released an update to patch the vulnerability; users are urged to update immediately.
• Broader security concerns: CERT-In also flagged similar flaws in Microsoft 365 Copilot, including input validation and authentication weaknesses, risking arbitrary code execution.
• User action required: Users must update Microsoft Office via the Word app's Account settings under Product Information to enable and apply the latest security patch.
Key statistics
• 1.2 billion-plus active users: Microsoft Office user base
• More than 3.7 million companies: Global enterprise adoption
• June 1989: Office launch date
Processed with AI. Reviewed by DH Digital Team.
Because billions of people use Microsoft Office, it also attracts cyber criminals, who try ingenious tricks to breach the application and steal users' personal and financial information. While users are advised to be cautious while on the internet, it is also the job of service providers to have strong security against threat actors. But sometimes an unintentional oversight by an engineer leaves security loopholes in an application.
In the latest instance, a vulnerability (CVE-2026-45659) with a high severity rating has been detected in Microsoft Office. If this is not fixed, there is a high risk of remote code execution, unauthorised access and potential system compromise, noted the Indian Computer Emergency Response Team (CERT-In).
The issue is due to deserialisation of untrusted data in the Microsoft Office app. In layman's terms, when an unsuspecting user tries to use the Microsoft Office app to open a document file laced with malware, the app's security fails to recognise the threat in the file and the malware slips into the computer, allowing threat actors to steal personal information in the targeted system.
Microsoft has acknowledged the issue and has released the update to the Office app. Users are advised to update their app to the latest version.
In a related development, CERT-In recently flagged similar cyber threats in Microsoft 365 Copilot.
CERT-In noted that Microsoft's product has input validation issues, an authentication weakness, authorisation issues and command handling flaws.
If the issue is not resolved soon, it can allow attackers to execute arbitrary code, steal sensitive information and cause denial of service on affected systems, and there is a high risk of disruption of cloud services.
Here's how to update your Microsoft Office apps:
Step 1: Open the Microsoft Office Word app
Step 2: Click File in the top-left corner, then select Account (or Office Account) from the menu.
Step 3: Under the Product Information section, click Update Options.
Step 4: Select Update Now. (If you don't see this, click Enable Updates first).
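For administrators who need to confirm the update on many machines without opening Word, the same check as an added PowerShell example (not from the article or from Microsoft): it reads the Click-to-Run configuration in the registry, reports the installed build and whether updates are enabled (the state behind the "Enable Updates" button in Step 4), and can start an update. It assumes a Click-to-Run installation of Office; the patched build number is not given in the article, so `MinimumFixedBuild` must be supplied from Microsoft's advisory.

```powershell
# Added example: audit the Office update state (Click-to-Run installs only).
param(
    # The article gives no patched build; supply it from Microsoft's advisory.
    [Parameter(Mandatory)] [version]$MinimumFixedBuild,
    [switch]$StartUpdate   # roughly the equivalent of clicking "Update Now"
)

$configKey = 'HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\Configuration'
$c2rClient = Join-Path $env:CommonProgramFiles 'microsoft shared\ClickToRun\OfficeC2RClient.exe'

function Get-OfficeUpdateState {
    param([string]$Key, [version]$MinimumBuild)

    $state = [ordered]@{
        Computer       = $env:COMPUTERNAME
        Version        = $null
        UpdatesEnabled = $null
        Finding        = $null
    }
    if (-not (Test-Path $Key)) {
        # MSI and Store installs do not use this key and update through other channels.
        $state.Finding = 'No Click-to-Run Office found'
        return [pscustomobject]$state
    }

    $cfg = Get-ItemProperty -Path $Key
    $installed = $null
    $parsedOk = [version]::TryParse([string]$cfg.VersionToReport, [ref]$installed)
    $state.Version = $installed
    # Stored as the string "True" or "False"; a missing value is reported as not enabled.
    $state.UpdatesEnabled = ([string]$cfg.UpdatesEnabled -eq 'True')

    $state.Finding = if (-not $parsedOk) { 'Version unreadable: check manually' }
        elseif (-not $state.UpdatesEnabled) { 'Updates not enabled: enable them, then update' }
        elseif ($installed -lt $MinimumBuild) { 'Below the fixed build: update now' }
        else { 'At or above the fixed build' }
    return [pscustomobject]$state
}

$result = Get-OfficeUpdateState -Key $configKey -MinimumBuild $MinimumFixedBuild
$result

if ($StartUpdate -and $result.Version -and (Test-Path $c2rClient)) {
    # Asks the Click-to-Run client to check for and apply updates for this user session.
    Start-Process -FilePath $c2rClient -ArgumentList '/update', 'user'
}
```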
