Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
The second Tuesday of each month is known as Patch Tuesday. Windows 11 Patch Tuesday Update It included a ton of good updates, a welcome change from the issues that plagued the operating system recently. But another flagship Microsoft product, Office, had a couple of vulnerabilities flagged.
code name CVE-2026-26110 and CVE-2026-26113the vulnerabilities could be used to execute code locally. Both vulnerabilities require local access, making them more difficult to exploit.
Article continues below.
When ‘Local’ isn’t really local
Microsoft titling them as “Remote Code Execution” while requiring “Local Access” seems like a contradiction. Microsoft explains the distinction this way:
“The word Remote in the title refers to the location of the attacker… The attack itself is carried out locally. This means that an attacker or victim needs to execute code from the local machine to exploit the vulnerability.”
In other words, an attacker could send you a file remotely, but the file would have to be processed locally.
The problem is that since the Office Preview Pane is a valid attack vector for these vulnerabilities, a local user does not need to double-click a file or “Enable Macros” to be at risk. Simply clicking on an email to preview it in Outlook is enough to “locally process” the file and let the attacker in.
How to stay safe
Microsoft has already released patches for all supported versions of Office. If you are still running Office 2013 (which is past its end of support date), you will not receive this fix.
To protect your system:
- Open Windows Update and check for the latest updates.
- Make sure you have the latest microsoft 365 either Office 2016/2019/2021 updates are installed.
- If you cannot patch immediately, consider disable preview panel in Outlook and File Explorer (this can be done through the View menu).
If you visit the Microsoft Security Response Center (MSRC), you will see hundreds of security advisories that were published on March 10, many of which are marked “Important.”
The Office vulnerabilities highlighted here are among a much smaller set that is marked “Critical.”
Of course, it’s worth updating to address all the vulnerabilities. To ensure your PC is secure, make sure Windows and Office have been updated to their latest versions.
🗨️ How do you handle security updates?
Microsoft’s automatic updating system is the unsung hero of Windows security, managing thousands of fixes like this each year behind the scenes. Do you rely on the “set it and forget it” approach, or do you still prefer to manually check your update history just to make sure everything has worked correctly? Let us know in the comments!
Join us on Reddit at r/WindowsCentral to share your ideas and discuss our latest news, reviews and more.
