CVE-2026-40358
Microsoft · Office
A use-after-free vulnerability in Microsoft Office allows an unauthorized local attacker to execute arbitrary code.
Executive summary
A critical use-after-free vulnerability in Microsoft Office could allow an unauthorized local attacker to execute arbitrary code on the host system.
Vulnerability
This vulnerability is a use-after-free (CWE-416) flaw in Microsoft Office. The CVSS vector (AV:L/AC:L/PR:N/UI:N) confirms that an unauthenticated local attacker can trigger this condition, leading to memory corruption and potential code execution.
Business impact
The ability to execute arbitrary code via a use-after-free vulnerability presents a severe risk to organizational security, potentially resulting in full system compromise. With a CVSS score of 8.4, the vulnerability is highly dangerous, as it allows attackers to bypass standard security controls and gain unauthorized access to sensitive information.
Remediation
Immediate Action: Update all affected Microsoft Office instances to the latest patched versions as outlined in the Microsoft Security Update Guide (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40358).
Proactive Monitoring: Review system and application logs for unusual crashes or instability in Office applications, which may indicate exploitation attempts.
Compensating Controls: Utilize EDR tools to monitor for suspicious child processes initiated by Office applications, which is a common indicator of exploitation.
Exploitation status
Public Exploit Available: No (exploit_available: false).
Analyst recommendation
The risk of arbitrary code execution makes this vulnerability a priority for remediation. Administrators should verify that all clients receive the necessary security patches promptly to prevent potential exploitation.