Security news aggregator

Latest coverage for Microsoft Office

Microsoft Office is a productivity software suite whose documents, add-ins, and vulnerabilities can expose data and compromise enterprise systems.

5 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Microsoft Office is a suite of productivity applications including Word, Excel, PowerPoint, and Access, delivered as desktop software and, in many environments, through Microsoft 365 services. Its files are common in business workflows, so Office security advisories, file-format changes, and configuration guidance can affect a broad range of users and systems.

Office documents can carry malicious macros, embedded objects, templates, or links, and vulnerabilities in an application or document parser may enable code execution when a file is opened or previewed. Useful controls include timely patching, restricting macros to trusted, signed sources, using Protected View, and inspecting attachment and download provenance. Cloud use adds security responsibilities around identity, external sharing, delegated application access, and retention of sensitive documents; monitoring sign-ins and sharing events helps distinguish an exploited endpoint from an account or configuration problem.

Volume over time

Weekly headline count for the current query.

Showing 5 most recent headlines Filtered view

Microsoft has rolled out updates to fix a remote code execution vulnerability impacting SharePoint that could be exploited by bad actors in attacks without requiring any specialized conditions to be met

The Russia-linked state-sponsored threat actor known as APT28 (aka UAC-0001) has been attributed to attacks exploiting a newly disclosed security flaw in Microsoft Office as part of a campaign codenamed Operation Neusploit

Microsoft today released a defense-in-depth update for Microsoft Office that prevents exploitation of a remote code execution (RCE) vulnerability tracked as CVE-2023-36884 that threat actors have already leveraged in attacks. [...]