HIGH | CVE-2026-45643 | CNA: microsoft

CVE-2026-45643: Microsoft Word Remote Code Execution Vulnerability

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Metrics

CVSS v3.1: 7.8
Severity: HIGH
Fixed in: https://aka.ms/OfficeSecurityReleases
Affected Products: 6


HarborGuard Analysis

Synopsis

An untrusted pointer dereference vulnerability in Microsoft Word allows an attacker to execute arbitrary code on a target machine. Based on the CVSS vector (AV:L/PR:N/UI:R), the attack vector is local (the crafted document is parsed on the victim's machine), no authentication is needed, and the victim must open the malicious Word document. Successful exploitation gives the attacker code execution with the victim's privileges; with scope unchanged (S:U) and C:H/I:H/A:H, everything reachable from that user context is exposed to full confidentiality, integrity, and availability compromise. The temporal metrics (E:U) record that no working exploit was known when the score was assigned. A patched-image rebuild is available on HarborGuard for environments running affected versions of Microsoft 365 Apps for Enterprise, Office LTSC 2021, or Office LTSC 2024; the Mac editions are listed as affected but without a version range or fix version.

HarborGuard Coverage

Detection: Available

Detection of CVE-2026-45643 is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against all customer images in connected registries and CI/CD pipelines, including custom-built images that bundle Microsoft Office components.

Triage: Available

HarborGuard triage scores this CVE at CVSS 7.8 HIGH and weights it against each customer organization's compliance policies to determine urgency. Routed findings land in the appropriate team inbox within each customer org based on image ownership and policy configuration.

Patch: Available

A patched-image rebuild targeting the fix versions referenced at https://aka.ms/OfficeSecurityReleases becomes available on HarborGuard for each affected image once the upstream release is resolvable. For customers who opt into auto-remediation, the platform performs the rebuild, runs a regression test suite, and opens a PR against affected workloads automatically.

Exploit Conditions

  • Network reachability: Not required

    AV:L means the vulnerable code runs against a file that Word processes locally; no network-facing service is exposed. The attacker does not need a shell or process on the host, only a way to deliver the crafted document (mail attachment, shared drive, download link).

  • Authentication: Not required

    PR:N; no account credentials or prior access to the target are needed. The attacker is an unauthenticated party whose only requirement is getting the file in front of the victim.

  • Victim interaction: Required

    UI:R; the victim must open a specially crafted Word document, so this is a social-engineering-dependent exploit typically delivered via phishing or a malicious file share.

  • Attack complexity: Low

    AC:L means the score assumes no specialized preconditions outside the attacker's control (no race to win, no dependence on a particular configuration) beyond the victim opening the file. It is not a statement about exploit reliability: the temporal part of the vector (E:U) records that no working exploit was known at scoring time, and memory-corruption bugs of this class often still need layout control in practice.

Blast Radius

  • Reads files and secrets accessible to the victim user process, including stored credentials, documents, and session tokens.
  • Modifies or deletes files on the local filesystem within the victim's permission scope.
  • Crashes or destabilizes the affected Office process and any dependent workflows.
  • Provides a foothold for lateral movement or privilege escalation from the compromised user context.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-45643 activates as soon as the CVE is ingested, matching against any image in a customer's registry that bundles affected Microsoft Office versions (Microsoft 365 Apps for Enterprise from 16.0.1, Office LTSC 2021 from 16.0.1, or Office LTSC 2024 from 16.0.0). A patched rebuild becomes available once Microsoft's fix release at https://aka.ms/OfficeSecurityReleases is published and resolvable by HarborGuard's ingest pipeline.

For customers who opt into auto-remediation, the platform rebuilds the image at the patched version, executes regression tests, and opens a pull request against affected workloads; median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes for environments with auto-remediation enabled. Where compliance policy requires manual sign-off, triage findings are routed to the designated team inbox with the CVSS 7.8 HIGH score and policy-weighted priority attached.

Because this is a file-opening exploit, compensating controls such as restricting untrusted document ingestion paths or disabling Word processing in affected container workloads can reduce exposure while a patched rebuild is prepared.


Fix available: https://aka.ms/OfficeSecurityReleases
Affected packages
  • Microsoft / Microsoft 365 Apps for Enterprise
    affected from 16.0.1; fixed build per https://aka.ms/OfficeSecurityReleases
  • Microsoft / Microsoft Office 365 for Mac
    affected; no version range or fix version listed
  • Microsoft / Microsoft Office LTSC 2021
    affected from 16.0.1; fixed build per https://aka.ms/OfficeSecurityReleases
  • Microsoft / Microsoft Office LTSC 2024
    affected from 16.0.0; fixed build per https://aka.ms/OfficeSecurityReleases
  • Microsoft / Microsoft Office LTSC for Mac 2021
    affected; no version range or fix version listed
  • Microsoft / Microsoft Office LTSC for Mac 2024
    affected; no version range or fix version listed
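The ranges above are lower-bound-only until the fixed build is resolved from the release notes, and the Mac editions carry no range at all. The following Python is an added example, not HarborGuard's scanner code, of how a detection step would classify an image inventory against exactly these ranges: numeric rather than lexical comparison of Office build strings, an unresolved upper bound that still counts as affected, and a product with no range that is flagged separately. The inventory, the image names and the resolved fixed build 16.0.18129.20200 are constructed, hypothetical values.

```python
import re

# Affected-version ranges as listed in this record: (introduced, fixed).
# fixed=None: the record points only at https://aka.ms/OfficeSecurityReleases,
# so the fixed build is not yet resolved. (None, None): no range published.
AFFECTED_RANGES = {
    "Microsoft 365 Apps for Enterprise": ("16.0.1", None),
    "Microsoft Office LTSC 2021": ("16.0.1", None),
    "Microsoft Office LTSC 2024": ("16.0.0", None),
    "Microsoft Office 365 for Mac": (None, None),
    "Microsoft Office LTSC for Mac 2021": (None, None),
    "Microsoft Office LTSC for Mac 2024": (None, None),
}


def parse_version(v):
    """Turn '16.0.18129.20158' into (16, 0, 18129, 20158) so that comparison is
    numeric. A plain string compare gets this wrong: '16.0.9' > '16.0.18129'."""
    if not re.fullmatch(r"\d+(\.\d+)*", v):
        raise ValueError(f"unparseable version {v!r}")
    return tuple(int(x) for x in v.split("."))


def assess(product, version, resolved_fixes=None):
    """Classify one installed build against the record's ranges.

    resolved_fixes: optional {product: fixed_build} that an operator fills in
    after reading the vendor release notes; it overrides an unresolved (None)
    upper bound. Lower bound is inclusive, upper bound is exclusive.
    """
    if product not in AFFECTED_RANGES:
        return "not_listed"
    introduced, fixed = AFFECTED_RANGES[product]
    if resolved_fixes and product in resolved_fixes:
        fixed = resolved_fixes[product]
    if introduced is None:
        return "affected_range_unknown"   # listed as affected, no bounds published
    v = parse_version(version)
    if v < parse_version(introduced):
        return "not_affected"
    if fixed is None:
        return "affected_fix_unresolved"  # in range; fixed build not yet known
    return "fixed" if v >= parse_version(fixed) else "affected"


def triage_inventory(inventory, resolved_fixes=None):
    """inventory: list of (image, product, build). Returns {status: [image, ...]}."""
    out = {}
    for image, product, build in inventory:
        out.setdefault(assess(product, build, resolved_fixes), []).append(image)
    return out


# Constructed sample inventory (not real scan output); builds are illustrative.
SAMPLE_INVENTORY = [
    ("build-agent:12", "Microsoft 365 Apps for Enterprise", "16.0.18129.20158"),
    ("doc-convert:3", "Microsoft Office LTSC 2021", "16.0.14332.20000"),
    ("legacy-test:1", "Microsoft Office LTSC 2024", "16.0.0"),
    ("mac-ci:7", "Microsoft Office LTSC for Mac 2024", "16.90"),
    ("render:2", "LibreOffice", "7.6.4"),
]

if __name__ == "__main__":
    print(triage_inventory(SAMPLE_INVENTORY))
    # Hypothetical fixed build, as an operator would enter it after reading the
    # release notes; 16.0.18129.20200 is a placeholder, not a published value.
    print(triage_inventory(SAMPLE_INVENTORY,
                           {"Microsoft 365 Apps for Enterprise": "16.0.18129.20200"}))
```

An image in the "affected_fix_unresolved" bucket should be treated as vulnerable, not deferred: the missing upper bound is a gap in the advisory data, not evidence of a fix.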
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C