External risk intelligence

Microsoft Office Local Code Execution Vulnerability.

CVE advisory

Severity: HIGH (CVSS 8.4)

CVE-2026-40361

A memory management flaw in Microsoft Office allows an unauthorized attacker to execute code locally on affected systems, potentially leading to data compromise and business disruption. This vulnerability impacts various Microsoft Office products. The risk is classified as internal, meaning exploitation typically requi

1 Halo Surface Signal

Use After Free

Microsoft 365 Apps

2019, 2021, 2024, 2016

External exposure likelihood

Halo Surface Signal score for CVE-2026-40361

This vulnerability exists in client-side productivity software (Microsoft Office and Word). These applications are installed on local end-user devices and are not designed to be network-facing services or gateways, making public internet exposure through the application itself not applicable.

Horizon Alert

Summary of the vulnerability and why it matters

Microsoft Office applications contain a memory management flaw that permits an attacker to execute code on a local system. This vulnerability exists in various Microsoft Office products. An attacker who successfully exploits this issue could gain unauthorized control over the affected system, leading to potential data breaches or system disruption. The impact could involve unauthorized access and modification of sensitive information, or the compromise of business operations.

  • Microsoft Office applications
  • Memory management failure
  • Unauthorized code execution

Attack Path

How an attacker could exploit the issue

A use-after-free vulnerability in Microsoft Office allows an unauthorized attacker to execute code locally. This could lead to the compromise of sensitive data and disruption of business operations. Organizations utilizing affected Microsoft products face a potential risk to system integrity and data confidentiality.

  • Local execution requires attacker access.
  • Attacker triggers vulnerable code.
  • Local code execution results.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability impacts Microsoft Office applications, allowing an unauthorized attacker to execute code locally. The exploitation requires the attacker to have local access to a system with a vulnerable version of the software. Successful exploitation could lead to significant data compromise and system disruption.

  • Likely attacker skill level: Low
  • Required access or conditions: Local access
  • Business risk or urgency: Moderate

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

A use-after-free vulnerability in Microsoft Office allows an unauthorized attacker to execute code locally. This could result in a compromise of affected systems, potentially leading to data loss or unauthorized access. The risk is classified as internal, meaning exploitation typically requires local access to a system.

  • Find affected Microsoft Office assets.
  • Reduce exposure by isolating systems.
  • Apply vendor fixes and verify.
  • Monitor for related activity.

Frequently asked questions

What is Microsoft Office 365 Apps?

Microsoft 365 Apps is a suite of productivity applications for businesses, including Word, Excel, and PowerPoint, used for creating documents, spreadsheets, and presentations. It is part of the Microsoft 365 subscription service and is designed for enterprise use.

What is CVE-2026-40361?

CVE-2026-40361 is a use-after-free vulnerability in Microsoft Office. This type of weakness occurs when software attempts to access memory after it has been freed, potentially allowing an attacker to execute their own code on the system.

How could an attacker exploit CVE-2026-40361?

Exploiting this vulnerability requires the attacker to have local access to a machine running a vulnerable version of Microsoft Office. They would then need to trigger the vulnerable code within the application, which could lead to unauthorized code execution.

Who should be concerned about this vulnerability?

Organizations using affected Microsoft Office products should be concerned, especially if these applications are accessed on internal systems. While not typically internet-facing, the impact of local code execution can still be significant for data confidentiality and system integrity.

What is the first step to address this threat?

The initial step is to identify all assets running the affected Microsoft Office versions within your environment. Subsequently, applying the fixes provided by Microsoft and verifying their successful implementation is crucial.