Microsoft patches multiple remote code execution flaws in Office and Windows graphics
Microsoft disclosed and patched several remote code execution vulnerabilities affecting Microsoft Office, Excel, and Windows graphics components, including CVE-2026-42831, CVE-2026-26108, CVE-2025-49742, CVE-2024-49031, CVE-2024-49065, and CVE-2026-35421. The issues span Office document handling, Excel, the Office Graphics stack, the Windows Graphics Component, and Windows GDI, indicating broad exposure across common user-facing software used to process files and render content.
Microsoft said CVE-2026-42831 is a heap-based buffer overflow in Microsoft Office that can allow code execution when a user opens a malicious Office file. The flaw carries a CVSS 7.8 score, requires user interaction, and is not exploitable through the Preview Pane; Microsoft also said it was not publicly disclosed, not observed in the wild, and assessed as less likely to be exploited, with a security fix available. The related advisories point to a recurring risk pattern in which crafted documents or graphics content can trigger code execution on victim systems, reinforcing the need to prioritize patching for Office and Windows rendering components.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
7 events from the most recent confirmed update back to the earliest known activity.
Microsoft discloses CVE-2026-35421 in Windows GDI
Microsoft published CVE-2026-35421, a remote code execution vulnerability affecting Windows GDI.
Microsoft releases fix for CVE-2026-42831 in Microsoft Office
Microsoft disclosed CVE-2026-42831, a critical heap-based buffer overflow in Microsoft Office that can lead to remote code execution if a user opens a malicious file. Microsoft said the flaw was not publicly disclosed, not exploited in the wild, exploitation was assessed as unlikely, and an official fix was available.
Microsoft discloses CVE-2026-26108 in Microsoft Excel
Microsoft published CVE-2026-26108, a remote code execution vulnerability affecting Microsoft Excel.
Microsoft discloses CVE-2025-49742 in Windows Graphics Component
Microsoft published CVE-2025-49742, a remote code execution vulnerability in the Windows Graphics Component.
Microsoft discloses CVE-2024-49065 in Microsoft Office
Microsoft published CVE-2024-49065, a remote code execution vulnerability affecting Microsoft Office.
Microsoft discloses CVE-2024-49031 in Office Graphics
Microsoft published CVE-2024-49031, a remote code execution vulnerability in Microsoft Office Graphics.
Microsoft discloses CVE-2023-36423 in Remote Registry Service
Microsoft published security guidance for CVE-2023-36423, a remote code execution vulnerability affecting the Microsoft Remote Registry Service.
Sources
7 references tracked. Mallory keeps watching after this page renders.
CVE-2026-35421 - Security Update Guide - Microsoft - Windows GDI Remote Code Execution Vulnerability
msrc.microsoft.com
Open sourceCVE-2026-42831 - Security Update Guide - Microsoft - Microsoft Office Remote Code Execution Vulnerability
msrc.microsoft.com
Open sourceCVE-2026-26108 - Security Update Guide - Microsoft - Microsoft Excel Remote Code Execution Vulnerability
msrc.microsoft.com
Open sourceCVE-2025-49742 - Security Update Guide - Microsoft - Windows Graphics Component Remote Code Execution Vulnerability
msrc.microsoft.com
Open sourceCVE-2024-49065 - Security Update Guide - Microsoft - Microsoft Office Remote Code Execution Vulnerability
msrc.microsoft.com
Open sourceCVE-2024-49031 - Security Update Guide - Microsoft - Microsoft Office Graphics Remote Code Execution Vulnerability
msrc.microsoft.com
Open sourceCVE-2023-36423 - Security Update Guide - Microsoft - Microsoft Remote Registry Service Remote Code Execution Vulnerability
portal.msrc.microsoft.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Microsoft Patches Repeated Remote Code Execution Flaws Across Office Apps
Microsoft published a long series of security advisories for **remote code execution** vulnerabilities affecting core Office components, with the largest concentration in **Excel** and **Word**. The disclosures include Excel flaws such as `CVE-2024-49026`, `CVE-2024-49069`, `CVE-2025-21362`, `CVE-2025-21381`, `CVE-2025-21387`, `CVE-2025-24082`, `CVE-2025-62553`, `CVE-2026-26107`, `CVE-2026-26109`, `CVE-2026-26112`, and `CVE-2026-40359`, alongside Word issues including `CVE-2025-24077`, `CVE-2025-24078`, `CVE-2025-47170`, `CVE-2025-49700`, `CVE-2025-59222`, `CVE-2026-23657`, and `CVE-2026-33095`. Microsoft also listed related RCE bugs in **Microsoft Office** (`CVE-2025-21392`), **PowerPoint** (`CVE-2025-54908`), **Inbox COM Objects (Global Memory)** (`CVE-2025-58730`), and the **Visual Studio Code Python Extension** (`CVE-2025-49714`). One of the few entries with technical detail, **`CVE-2026-40359`**, describes an **Important** Excel use-after-free flaw (`CWE-416`) with a **CVSS 3.1 score of 7.8** that can let an attacker execute code if a user opens a malicious Office file. Microsoft said the bug was **not publicly disclosed**, **not exploited in the wild**, and **less likely** to be exploited at the time of publication, adding that the **Preview Pane is not an attack vector** and that a fix is available. Taken together, the advisories show Microsoft continuing to address document-driven code execution risks across Office products, where successful exploitation generally depends on **user interaction with crafted files** rather than direct network exposure.
May 25, 2026
Microsoft disclosed multiple Office and Excel remote code execution flaws
Microsoft published security advisories for several **remote code execution** vulnerabilities affecting **Microsoft Office** and **Microsoft Excel**, including `CVE-2025-24057`, `CVE-2025-24075`, and `CVE-2025-47162`. The issues were listed in the Microsoft Security Update Guide as Office-family flaws that could allow arbitrary code execution if successfully exploited. The disclosures indicate that the affected attack surface spans both the broader Office suite and Excel specifically, underscoring continued risk from malicious documents and content processed by productivity software. Organizations using Microsoft Office should prioritize review of the relevant advisories and deployment of associated security updates for the affected products tied to these CVEs.
May 25, 2026
Microsoft Patches Critical Office and Word Use-After-Free RCE Flaws
Microsoft disclosed and fixed two critical use-after-free vulnerabilities affecting **Microsoft Office** and **Microsoft Word**: `CVE-2026-40358` and `CVE-2026-40366`. Both bugs are classified as **CWE-416** and carry a **CVSS 8.4** rating, with Microsoft assessing impacts to confidentiality, integrity, and availability as high. The company said neither flaw had been publicly disclosed or exploited in the wild at the time of publication, and it rated exploitation as less likely. Microsoft said the vulnerabilities can lead to remote code execution, although the attack vector is described as **local**, with the **Preview Pane** able to serve as an attack path when malicious content is handled. The disclosures continue a broader pattern of Microsoft patching multiple remote code execution issues across its product line, including earlier Office flaws such as `CVE-2024-30101`, `CVE-2025-24080`, and `CVE-2025-59234`, as well as RCE bugs in Windows Connected Devices Platform Service, Remote Desktop Protocol, and Inbox COM Objects.
Jun 21, 2026