Microsoft 365 Apps for Windows (Office 365)

See the latest tracked release, confirm when it was published, and subscribe for update emails.

Monthly Enterprise Channel Current Channel Semi-Annual Enterprise Channel

Current version

Last checked: yesterday

2603 (19822.20182)

Release date: April 14, 2026
CVE status: 25 visible CVEs

Source

Vendor Release Information

Public release notes are linked for the latest stored release.

View release notes Subscribe to updates

Release history

See the latest published releases stored for this product.

Version	Published	Notes
2603 (19822.20182)	2026-04-14	Release Notes
2603 (19822.20168)	2026-04-09	Release Notes
2603 (19822.20142)	2026-03-31	Release Notes
2603 (19822.20114)	2026-03-24	Release Notes
2602 (19725.20190)	2026-03-17	Release Notes
2602 (19725.20172)	2026-03-10	Release Notes

Vulnerability tracking

Review curated CVEs for this product and see whether the current version is marked affected. Only CVEs with a CVSS score of 7.0 or higher and published in the last 90 days are shown.

CVE	Severity	Published	Status	Summary
CVE-2026-33115	HIGH (8.4)	2026-04-14	Current versionunclear	Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. Affected versions From (including) 16.0.1 - Up to (excluding) https://aka.ms/OfficeSecurityReleases From (including) 16.0.0 - Up to (excluding) https://aka.ms/OfficeSecurityReleases Show 2 more From (including) 16.0.1 - Up to (excluding) 16.108.26041219 From (including) 16.0.0 - Up to (excluding) 16.108.26041219
CVE-2026-33114	HIGH (8.4)	2026-04-14	Current versionunclear	Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. Affected versions From (including) 16.0.1 - Up to (excluding) https://aka.ms/OfficeSecurityReleases From (including) 16.0.0 - Up to (excluding) https://aka.ms/OfficeSecurityReleases Show 2 more From (including) 16.0.1 - Up to (excluding) 16.108.26041219 From (including) 16.0.0 - Up to (excluding) 16.108.26041219
CVE-2026-33095	HIGH (7.8)	2026-04-14	Current versionunclear	Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. Affected versions From (including) 16.0.1 - Up to (excluding) https://aka.ms/OfficeSecurityReleases From (including) 16.0.0 - Up to (excluding) https://aka.ms/OfficeSecurityReleases Show 2 more From (including) 16.0.1 - Up to (excluding) 16.108.26041219 From (including) 16.0.0 - Up to (excluding) 16.108.26041219
CVE-2026-32200	HIGH (7.8)	2026-04-14	Current versionunclear	Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. Affected versions From (including) 16.0.1 - Up to (excluding) https://aka.ms/OfficeSecurityReleases From (including) 19.0.0 - Up to (excluding) https://aka.ms/OfficeSecurityReleases Show 1 more From (including) 16.0.0 - Up to (excluding) https://aka.ms/OfficeSecurityReleases
CVE-2026-32199	HIGH (7.8)	2026-04-14	Current versionunclear	Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Affected versions From (including) 16.0.1 - Up to (excluding) https://aka.ms/OfficeSecurityReleases From (including) 19.0.0 - Up to (excluding) https://aka.ms/OfficeSecurityReleases Show 4 more From (including) 16.0.0 - Up to (excluding) https://aka.ms/OfficeSecurityReleases From (including) 16.0.1 - Up to (excluding) 16.108.26041219 From (including) 16.0.0 - Up to (excluding) 16.108.26041219 From (including) 16.0.0.0 - Up to (excluding) 16.0.10417.20113
CVE-2026-32198	HIGH (7.8)	2026-04-14	Current versionunclear	Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Affected versions From (including) 16.0.1 - Up to (excluding) https://aka.ms/OfficeSecurityReleases From (including) 19.0.0 - Up to (excluding) https://aka.ms/OfficeSecurityReleases Show 4 more From (including) 16.0.0 - Up to (excluding) https://aka.ms/OfficeSecurityReleases From (including) 16.0.1 - Up to (excluding) 16.108.26041219 From (including) 16.0.0 - Up to (excluding) 16.108.26041219 From (including) 16.0.0.0 - Up to (excluding) 16.0.10417.20113
CVE-2026-32197	HIGH (7.8)	2026-04-14	Current versionunclear	Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Affected versions From (including) 16.0.1 - Up to (excluding) https://aka.ms/OfficeSecurityReleases From (including) 19.0.0 - Up to (excluding) https://aka.ms/OfficeSecurityReleases Show 4 more From (including) 16.0.0 - Up to (excluding) https://aka.ms/OfficeSecurityReleases From (including) 16.0.1 - Up to (excluding) 16.108.26041219 From (including) 16.0.0 - Up to (excluding) 16.108.26041219 From (including) 16.0.0.0 - Up to (excluding) 16.0.10417.20113
CVE-2026-32190	HIGH (8.4)	2026-04-14	Current versionunclear	Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. Affected versions From (including) 16.0.1 - Up to (excluding) https://aka.ms/OfficeSecurityReleases From (including) 16.0.0 - Up to (excluding) 16.0.5548.1000 Show 4 more From (including) 19.0.0 - Up to (excluding) https://aka.ms/OfficeSecurityReleases From (including) 16.0.0 - Up to (excluding) https://aka.ms/OfficeSecurityReleases From (including) 16.0.1 - Up to (excluding) 16.108.26041219 From (including) 16.0.0 - Up to (excluding) 16.108.26041219
CVE-2026-32189	HIGH (7.8)	2026-04-14	Current versionunclear	Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Affected versions From (including) 16.0.1 - Up to (excluding) https://aka.ms/OfficeSecurityReleases From (including) 19.0.0 - Up to (excluding) https://aka.ms/OfficeSecurityReleases Show 4 more From (including) 16.0.0 - Up to (excluding) https://aka.ms/OfficeSecurityReleases From (including) 16.0.1 - Up to (excluding) 16.108.26041219 From (including) 16.0.0 - Up to (excluding) 16.108.26041219 From (including) 16.0.0.0 - Up to (excluding) 16.0.10417.20113
CVE-2026-32188	HIGH (7.1)	2026-04-14	Current versionunclear	Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. Affected versions From (including) 16.0.1 - Up to (excluding) https://aka.ms/OfficeSecurityReleases From (including) 19.0.0 - Up to (excluding) https://aka.ms/OfficeSecurityReleases Show 4 more From (including) 16.0.0 - Up to (excluding) https://aka.ms/OfficeSecurityReleases From (including) 16.0.1 - Up to (excluding) 16.108.26041219 From (including) 16.0.0 - Up to (excluding) 16.108.26041219 From (including) 16.0.0.0 - Up to (excluding) 16.0.10417.20113
CVE-2026-23657	HIGH (7.8)	2026-04-14	Current versionunclear	Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. Affected versions From (including) 16.0.1 - Up to (excluding) https://aka.ms/OfficeSecurityReleases From (including) 16.0.0 - Up to (excluding) https://aka.ms/OfficeSecurityReleases
CVE-2026-26144	HIGH (7.5)	2026-03-10	Current versionunclear	Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.
CVE-2026-26134	HIGH (7.8)	2026-03-10	Current versionunclear	Integer overflow or wraparound in Microsoft Office allows an authorized attacker to elevate privileges locally. Affected versions Up to (excluding) 16.0.19822.20000
CVE-2026-26113	HIGH (8.4)	2026-03-10	Current versionunclear	Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally. Affected versions 2016 2019
CVE-2026-26112	HIGH (7.8)	2026-03-10	Current versionunclear	Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Affected versions 2019
CVE-2026-26110	HIGH (8.4)	2026-03-10	Current versionunclear	Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. Affected versions Up to (excluding) 16.0.19822.20000
CVE-2026-26109	HIGH (8.4)	2026-03-10	Current versionunclear	Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Affected versions 2019
CVE-2026-26108	HIGH (7.8)	2026-03-10	Current versionunclear	Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Affected versions 2019
CVE-2026-26107	HIGH (7.8)	2026-03-10	Current versionunclear	Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Affected versions 2019
CVE-2026-24285	HIGH (7.0)	2026-03-10	Current versionunclear	Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally. Affected versions Up to (excluding) 16.0.19822.20000
CVE-2026-21514	HIGH (7.8)	2026-02-10	Current versionunclear	Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-21511	HIGH (7.5)	2026-02-10	Current versionunclear	Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network. Affected versions 2019
CVE-2026-21260	HIGH (7.5)	2026-02-10	Current versionunclear	Exposure of sensitive information to an unauthorized actor in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network. Affected versions 2019
CVE-2026-21259	HIGH (7.8)	2026-02-10	Current versionunclear	Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to elevate privileges locally. Affected versions 2019
CVE-2026-21509	HIGH (7.8)	2026-01-26	Current versionunclear	Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally. Affected versions 2016 2019