Description of the security update for SharePoint Server 2016: May 12, 2026 (KB5002868)

Description of the security update for SharePoint Server 2016: May 12, 2026 KB5002868 Summary Important: If you're currently running SharePoint Workflow Manager, you must install the SharePoint Workflow Manager KB5002799 to your farm before you install this cumulative update. If you're currently...

CVE-2026-35440

Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally...

CVE-2026-40421 Microsoft Word Information Disclosure Vulnerability

...

CVE-2026-40421

CVE-2026-40421 affects Microsoft Word (Office) with vulnerability caused by external control of a file name or path in Word. This leads to an information disclosure over a network. The CVE is referenced alongside a Word 2016 security update (KB5002858) that addresses multiple related CVEs includi...

Description of the security update for SharePoint Server 2016 Language Pack: May 12, 2026 (KB5002869)

Description of the security update for SharePoint Server 2016 Language Pack: May 12, 2026 KB5002869 Summary Important: If you're running Microsoft SharePoint Server 2013-type workflows, you must install the August 2025 update for SharePoint Workflow Manager to your farm before you install this...

Microsoft Word 资源管理错误漏洞

Microsoft Word is a word processing software within the Office suite developed by Microsoft Corporation. There is a resource management vulnerability in Microsoft Word. Attackers can exploit this vulnerability to execute code remotely. The following products and versions are affected: Microsoft...

Security Updates for Microsoft Office Products (April 2026) (macOS)

The version of Microsoft Office for Mac installed on the remote host is affected by multiple vulnerabilities as referenced in the april-14-2026 advisory. - Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. CVE-2026-33095, CVE-2026-33115 - Out-of-boun...

CVE-2026-33114

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally...

CVE-2026-33114

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally...

CVE-2026-23657 Microsoft Word Remote Code Execution Vulnerability

...

CVE-2026-33822 Microsoft Word Information Disclosure Vulnerability

...

CVE-2026-21514

Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally...

KLA90874 Multiple vulnerabilities in Microsoft Office

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to bypass security restrictions, spoof user interface, obtain sensitive information, gain privileges. Below is a complete list of vulnerabilities: 1. A security feature bypass vulnerability ...

Description of the security update for Office 2016: January 26, 2026 (KB5002713)

Description of the security update for Office 2016: January 26, 2026 KB5002713 Summary This security update resolves a Microsoft Word security feature bypass vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2026-21509. Note: To apply thi...

CVE-2026-20948

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally...

CVE-2026-20948

The CVE-2026-20948 entry affects Microsoft Word (Office Word). It is described as an Untrusted pointer dereference in Microsoft Office Word that allows an unauthorized attacker to execute code locally (remote code execution). The issue is evidenced by multiple sources, with a CVSS v3.1 base score...

CVE-2026-20944 Microsoft Word Remote Code Execution Vulnerability

...

Description of the security update for SharePoint Server 2016 Language Pack: January 13, 2026 (KB5002827)

Description of the security update for SharePoint Server 2016 Language Pack: January 13, 2026 KB5002827 Summary Important: If you're running Microsoft SharePoint Server 2013-type workflows, you must install the August 2025 update for SharePoint Workflow Manager to your farm before you install thi...

Microsoft Word 安全漏洞

Microsoft Word is a word processing software in the Office suite of Microsoft Corporation USA. A security vulnerability exists in Microsoft Word. An attacker exploiting this vulnerability could remotely execute code. The following products and editions are affected:Microsoft SharePoint Enterprise...

CVE-2024-41165

A library injection vulnerability exists in Microsoft Word 16.83 for macOS. A specially crafted library can leverage Word's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of th...