Skip to Content

How do I fix critical Office 2016 security vulnerabilities listed in the January 2026 patch?

By: Author Alex Lim

Posted on

Categories Microsoft

Home » Microsoft » How do I fix critical Office 2016 security vulnerabilities listed in the January 2026 patch?

Is your Microsoft Office secure after the January 2026 patch tuesday update?

On January 13, 2026, Microsoft released significant security patches for its Office suite during the scheduled “Patch Tuesday” cycle. This update addresses critical vulnerabilities that could compromise system integrity. Administrators and users must prioritize these installations to mitigate risks associated with remote code execution (RCE) flaws.

The following sections detail specific updates for MSI installations, Click-to-Run (C2R) packages, and SharePoint servers.

Update Strategy for MSI Installations

These updates apply strictly to the installable MSI versions of Microsoft Office. Newer suites like Office 2019, 2021, and 2024 utilize Click-to-Run technology and update automatically through a different channel (detailed below).

Important Note on Support Lifecycle

Although Microsoft Office 2016 and 2019 have officially reached the end of their standard support lifecycle, Microsoft has provided exceptional security updates for this cycle. Organizations relying on these legacy versions should immediately plan a transition or implement third-party micropatching solutions, such as 0patch, to maintain security after the definitive October 2025 cutoff.

Office 2016 Security Patches

Microsoft released three specific KB articles addressing multiple RCE vulnerabilities. These flaws allow attackers to execute malicious code remotely if a user opens a compromised file.

  • Excel 2016 (KB5002831): Remediation for CVE-2026-20957, CVE-2026-20950, and CVE-2026-20946.
  • Office 2016 Core (KB5002826): Remediation for CVE-2026-20952, CVE-2026-20953, and CVE-2026-20943.
  • Word 2016 (KB5002829): Remediation for CVE-2026-20948.

Direct download links and technical documentation are available within each respective Knowledge Base (KB) article on the Microsoft catalog.

Click-to-Run (C2R) Version Updates

Modern Office deployments (Office 2019, 2021, 2024, and Microsoft 365) receive updates directly through the suite’s internal update engine. Verify your installation matches the build numbers below to ensure protection.

Retail and Subscription Channels:

  • Current Channel: Version 2512 (Build 19530.20144)
  • Office 2024 Retail: Version 2512 (Build 19530.20144)
  • Office 2021 Retail: Version 2512 (Build 19530.20144)

Enterprise Channels:

  • Monthly Enterprise: Versions 2511 (Build 19426.20260), 2510 (Build 19328.20292), and 2509 (Build 19231.20300)
  • Semi-Annual Enterprise: Versions 2508 (Build 19127.20484), 2502 (Build 18526.20696), and 2408 (Build 17928.20762)

Volume Licensed Versions:

  • Office LTSC 2024: Version 2408 (Build 17932.20638)
  • Office LTSC 2021: Version 2108 (Build 14334.20468)
  • Office 2019: Version 1808 (Build 10417.20083)

Server Infrastructure Updates

Microsoft also secured SharePoint and Office Online Server environments. Administrators managing on-premise servers must apply these patches to prevent server-side exploitation.

  • SharePoint Server Subscription Edition: KB5002822
  • SharePoint Server 2019: KB5002825 (Core) and KB5002823 (Language Pack)
  • SharePoint Server 2016: KB5002828 (Enterprise) and KB5002827 (Language Pack)
  • Office Online Server: KB5002824