March Patch Tuesday: Three high severity holes in Microsoft Office
Summary
Microsoft's March Patch Tuesday release includes three high-severity vulnerabilities in Office: an information disclosure flaw in Excel (CVE-2026-26144) that can leak data through improper input handling, and two remote code execution bugs (CVE-2026-26113 and CVE-2026-26110) caused by memory handling errors that could let attackers run malicious code. These vulnerabilities are particularly dangerous because they can be triggered through routine document handling and preview features without requiring user interaction.
Solution / Mitigation
If patch deployment must be delayed, organizations should restrict outbound network traffic from Office applications, monitor unusual network requests from Excel processes, and disable or limit AI-driven automation features such as Copilot Agent mode to reduce exposure.
Classification
Affected Vendors
Related Issues
Original source: https://www.csoonline.com/article/4143232/march-patch-tuesday-three-high-severity-holes-in-microsoft-office.html
First tracked: March 10, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 75%