CVE-2026-32190 – Microsoft Office Remote Code Execution Vulnerability
“This flaw turns everyday documents into silent weapons—triggering full system compromise without a single click.”
This critical vulnerability in Microsoft Office is caused by a use-after-free memory flaw that allows an attacker to execute arbitrary code on a local system. Despite requiring local execution, the risk remains high due to attack vectors such as the Preview Pane, which can automatically process malicious content. Successful exploitation can grant attackers complete control over affected systems, making this a serious threat in environments where Office files are frequently handled.
CVSS Score: 8.4
SEVERITY: Critical
THREAT: Remote Code Execution
EXPLOITS:
No public exploits or proof-of-concept (PoC) code have been identified. The vulnerability has not been publicly disclosed and is currently considered less likely to be exploited, though similar vulnerabilities have historically been weaponized quickly.
TECHNICAL SUMMARY:
This vulnerability is classified as a use-after-free issue (CWE-416), where Microsoft Office improperly manages memory after it has been freed. When a specially crafted file is processed, the application may continue to reference memory that has already been released. An attacker can manipulate this condition to corrupt memory and execute arbitrary code. Notably, the Preview Pane can act as an attack vector, meaning the vulnerability can be triggered without explicitly opening the file, increasing the risk of accidental exposure.
EXPLOITABILITY:
Affects supported versions of Microsoft Office prior to the patched release.
Exploitation occurs when a malicious file is opened or previewed locally, including via the Preview Pane.
BUSINESS IMPACT:
This vulnerability poses a significant threat to organizations relying on Microsoft Office for daily operations. Attackers can leverage malicious documents to gain full control of user systems, leading to data theft, ransomware deployment, or lateral movement within the network. The Preview Pane vector increases the likelihood of accidental compromise, even among cautious users.
WORKAROUND:
Disable the Preview Pane in email clients and file explorers where possible.
Avoid opening or previewing files from untrusted or unknown sources.
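The File Explorer half of the first workaround can be checked and enforced per user with the PowerShell sketch below. It is an added example, not part of the original advisory or of Microsoft's guidance for this CVE. It assumes the standard Explorer policy value NoReadingPane (the "Turn off Preview Pane" Group Policy setting), which the advisory itself does not name.

```powershell
# Added example (not from the advisory): audit, and optionally enforce, the
# File Explorer "Turn off Preview Pane" policy for the current user.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Enforce   # without -Enforce the script only reports
)

# Assumption: standard per-user Explorer policy location; 1 = Preview Pane off.
$PolicyKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$PolicyName = 'NoReadingPane'

function Test-PreviewPaneDisabled {
    # $true only when the value exists and equals 1; a missing key or value is $false.
    $item = Get-ItemProperty -Path $PolicyKey -Name $PolicyName -ErrorAction SilentlyContinue
    return ($null -ne $item -and $item.$PolicyName -eq 1)
}

if (Test-PreviewPaneDisabled) {
    Write-Output "OK: $PolicyName = 1, Preview Pane is disabled by policy."
    return
}

if (-not $Enforce) {
    Write-Warning "$PolicyName is not set to 1. Re-run with -Enforce to set it."
    return
}

# New-Item and New-ItemProperty honour -WhatIf when it is passed to the script.
if (-not (Test-Path -Path $PolicyKey)) {
    New-Item -Path $PolicyKey -Force | Out-Null
}
New-ItemProperty -Path $PolicyKey -Name $PolicyName -Value 1 `
    -PropertyType DWord -Force | Out-Null

if (Test-PreviewPaneDisabled) {
    Write-Output "Set $PolicyName = 1. Sign out and back in so Explorer picks it up."
} else {
    Write-Warning "$PolicyName was not written (expected when run with -WhatIf)."
}
```

This covers File Explorer only. The reading pane in email clients is configured separately and is not changed by this value.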
URGENCY:
This vulnerability enables high-impact code execution with no required user interaction in certain scenarios, such as Preview Pane rendering. Its ability to bypass typical user caution mechanisms makes it particularly dangerous in phishing campaigns and targeted attacks. Rapid deployment of patches is critical to prevent exploitation through common document workflows.
Key Details
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- CWE Classification: CWE-416