How do you fix the March 2026 Microsoft Office security vulnerabilities?

Home » Cybersecurity » How do you fix the March 2026 Microsoft Office security vulnerabilities?

Table of Contents

Are your systems protected from the latest Microsoft Excel remote code execution flaws?
March 2026 Security Updates
Office 2016 Security Patches
Click-To-Run Release Versions
Server and SharePoint Updates
Out of Support Software

Are your systems protected from the latest Microsoft Excel remote code execution flaws?

March 2026 Security Updates

On March 10, 2026, Microsoft issued essential security updates across the Office ecosystem to address severe vulnerabilities. Administrators must apply these patches immediately to protect networks against critical remote code execution exploits targeting Excel and Word. Microsoft distributes these fixes differently based on your installation type, utilizing direct Knowledge Base (KB) patches for MSI installers and automated background updates for Click-to-Run (C2R) environments.

Office 2016 Security Patches

Microsoft released critical KB patches for the MSI version of Office 2016. Network administrators must manually deploy these updates to secure vulnerable local installations.

KB5002849 resolves Excel remote code execution vulnerabilities including CVE-2026-26109, CVE-2026-26108, CVE-2026-26107, and CVE-2026-26112.
KB5002838 secures general Office components against vulnerability CVE-2026-26110.
KB5002848 protects Word installations from remote code execution flaw CVE-2026-26113.
KB5002718 provides additional Office-wide protection to mitigate CVE-2026-26108.

Click-To-Run Release Versions

Modern Office iterations, including versions 2019, 2021, and 2024, utilize the C2R delivery framework rather than standalone patches. The suite downloads and applies these security fixes natively through the built-in update tool. IT teams should verify their systems successfully transitioned to the following secured build numbers.

Current Channel and Retail versions of Office 2021 and 2024 update to Version 2602 (Build 19725.20172).
Monthly Enterprise Channel requires Version 2602 (Build 19725.20170), Version 2512 (Build 19530.20260), or Version 2511 (Build 19426.20314).
Semi-Annual Enterprise Channel needs Version 2508 (Build 19127.20570).
Volume licensed Office LTSC 2024 requires Version 2408 (Build 17932.20700).
Volume licensed Office LTSC 2021 requires Version 2108 (Build 14334.20570).
Volume licensed Office 2019 requires Version 1808 (Build 10417.20108).

Server and SharePoint Updates

Administrators managing on-premises infrastructure must deploy corresponding patches to secure server environments. Microsoft provided specific update packages for various SharePoint and Office Online configurations.

SharePoint Server Subscription Edition requires KB5002843.
SharePoint Server 2019 requires KB5002845 for the primary server and KB5002847 for the language pack.
SharePoint Server 2016 requires KB5002850 for the enterprise server and KB5002851 for the language pack.
Office Online Server requires KB5002846.

Out of Support Software

Microsoft officially ended standard support for Office 2016 and Office 2019, yet the severity of these specific vulnerabilities prompted the company to release exceptional updates this month. Organizations should upgrade these legacy systems promptly to maintain continuous compliance and network security. Alternatively, third-party security vendors like 0patch will offer continued micro-patching support for these older platforms after October 2025.