Vulnerability | Security Week
8.4 — CRITICAL
Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises
CVE-2026-40361 is similar to a vulnerability found a decade ago, BadWinmail, which at the time was dubbed an “enterprise killer”. The post Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises appeared first on SecurityWeek.
🤖 AI Briefing: Auto-generated threat analysis
🔍 Threat Overview
A zero-click vulnerability in Microsoft Office Word (CVE-2026-40361) allows an unauthorized attacker to execute code locally, posing a significant threat to enterprises using the software.
⚙️ Technical Details
Affected Systems
Microsoft Office Word
Attack Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE ID: CVE-2026-40361
💥 Impact Assessment
Severity: Critical
🛡️ Recommended Actions
1. Apply the Microsoft Office Word patch as soon as possible to prevent exploitation of this vulnerability.
2. Monitor for suspicious activity and implement additional security measures, such as email filtering and sandboxing.
3. Conduct a thorough review of all software updates and patches to ensure all systems are up-to-date.
📦 Affected Products
Microsoft Office Word
🔐 NVD Verified Data (VERIFIED)
CVE-2026-40361: CVSS 8.4 — HIGH
Attack Vector: LOCAL
Complexity: LOW
Vector String: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weaknesses: CWE-416
This is a curated summary. The complete article is available at Security Week.
