Critical RCE Vulnerabilities Found in Microsoft Outlook and Word

Microsoft has disclosed three critical remote code execution (RCE) vulnerabilities in Outlook and Word, identified as CVE-2026-45456, CVE-2026-45458, and CVE-2026-47635. These vulnerabilities, published on June 9, 2026, are linked to low-level memory safety issues in the Word rendering engine and its integration with Outlook Classic. Attackers could exploit these flaws to execute arbitrary code on targeted systems, affecting users of both applications. The vulnerabilities have a CVSS v3.1 base score of 8.4, indicating a high severity level. Microsoft has released patches to address these vulnerabilities, and users are urged to update their software immediately to mitigate potential risks. Security researchers are monitoring the situation for any signs of active exploitation.

Key Points: • Three critical RCE vulnerabilities in Microsoft Outlook and Word disclosed on June 9, 2026. • Vulnerabilities allow attackers to execute arbitrary code on affected systems. • Patches are available, and users are advised to update their software immediately.