PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-45471 Microsoft CVE debrief

CVE-2026-45471 is a HIGH severity vulnerability in Microsoft Office Word that allows an unauthorized attacker to execute code locally. The root cause is an untrusted pointer dereference. Word is a widely deployed word processor, and the vulnerability affects several versions of Microsoft Office, including Office 2019, Office 2021, and Office 2024. Users should apply patches immediately to prevent exploitation.

Vendor: Microsoft
Product: Microsoft 365 Apps for Enterprise
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-09
Original CVE updated: 2026-06-17
Advisory published: 2026-06-09
Advisory updated: 2026-06-17

Who should care

Organizations and individuals using Microsoft Office Word, particularly those using vulnerable versions, should apply patches immediately to prevent exploitation. This includes users of Microsoft 365 Apps, Office 2019, Office 2021, and Office 2024.

Technical summary

The vulnerability is caused by an untrusted pointer dereference in Microsoft Office Word, which allows an attacker to execute code locally. It has a CVSS score of 7.8, is classified as HIGH severity, and affects various versions of Microsoft Office, including Office 2019, Office 2021, and Office 2024.

Defensive priority

HIGH

Recommended defensive actions

  • Apply patches for Microsoft Office Word as soon as possible
  • Use secure coding practices when developing software
  • Implement memory protection mechanisms to prevent exploitation
  • Conduct regular security audits and vulnerability assessments
  • Use antivirus software and keep it up to date
  • Be cautious when opening email attachments or clicking on links from unknown sources

Evidence notes

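The vulnerability is documented in the CVE-2026-45471 record and the NVD detail page. The CVSS vector is CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, which reads as: local attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, and high impact on confidentiality, integrity, and availability.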

Official resources

CVE-2026-45471 was published on 2026-06-09T17:17:21.600Z and modified on 2026-06-17T19:36:55.073Z.