Microsoft Excel Use-After-Free Vulnerability Allowing Local Remote Code Execution

A use-after-free vulnerability has been identified in Microsoft Office Excel. This issue allows an unauthorized attacker to execute code locally on the affected system. The vulnerability arises from improper memory management, which can be exploited by manipulating how Excel handles certain objects in memory.

Impact

Exploitation of this vulnerability could lead to unauthorized code execution on the affected system.

Remediation

Users can download the security update for this vulnerability through the Microsoft Update Catalog. For Microsoft Excel 2016 (both 32-bit and 64-bit editions), the security update is available as part of the May 2026 Patch Tuesday. Instructions for downloading the update can be found in the Microsoft Excel 2016 Security Update article. For Microsoft Office LTSC 2024 (both 32-bit and 64-bit editions), the security update is also part of the May 2026 Patch Tuesday. Similar guidance applies to Microsoft Office LTSC 2021 (both 32-bit and 64-bit editions) and Microsoft 365 Apps for Enterprise (again, both 32-bit and 64-bit editions). Users can refer to the respective security update articles for each version for download instructions.