Critical Microsoft Excel bug weaponizes Copilot Agent • The Register
After a whopper of a Patch Tuesday last month, with six Microsoft flaws exploited as zero-days, March didn’t exactly roar in like a lion. Just two of the 83 Microsoft CVEs released on Tuesday are listed as publicly known, and none is under active exploitation, which we’re sure is a welcome change to sysadmins.
Another eight of the 83 Microsoft CVEs are considered critical, and one of these – to quote Zero Day Initiative chief bug hunter Dustin Childs – is “fascinating.” Plus, it’s got an AI-attack component, so we’re going to start with it.
CVE-2026-26144 is a critical-severity information disclosure vulnerability in Microsoft Excel. This cross-site scripting flaw can be exploited to “cause Copilot Agent mode to exfiltrate data via unintended network egress, enabling a zero-click information disclosure attack,” Redmond warned.
Yes, you read that right: a zero-click bug that weaponizes an Excel spreadsheet and the Copilot Agent to steal data. As Childs notes, it’s “an attack scenario we’re likely to see more often.”
This bug is exploitable over the network and needs neither user interaction nor any privileges on the target, which is what makes it zero-click.
“Information disclosure vulnerabilities are especially dangerous in corporate environments where Excel files often contain financial data, intellectual property, or operational records,” Action1 CEO and co-founder Alex Vovk told The Register. “If exploited, attackers could silently extract confidential information from internal systems without triggering obvious alerts.”
Patch this one promptly. If you must delay deployment, Vovk suggests restricting outbound network traffic from Office applications, monitoring unusual network requests generated by Excel processes, and disabling or limiting Copilot Agent until the fix is applied.
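The interim controls above, as an added example written for this page (it is not code from The Register, Microsoft or Action1): a per-process outbound block on Excel, WFP audit logging so the rule's hits are visible, and a Sysmon-based summary of where Excel has been connecting. It assumes a 64-bit Click-to-Run install path, Sysmon logging network connections (Event ID 3), and an elevated PowerShell session; the rule name is a placeholder.

```powershell
# Added example (not from The Register, Microsoft or Action1): interim controls for
# Excel hosts until CVE-2026-26144 is patched. Assumes a 64-bit Click-to-Run install
# path and that Sysmon logs network connections (Event ID 3). Run as Administrator.

$excel = 'C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE'   # adjust for x86/MSI installs
if (-not (Test-Path $excel)) { throw "Excel not found at $excel" }

# 1. Restrict outbound traffic from the Excel process.
#    Caveat: Windows Firewall evaluates block rules ahead of allow rules, so this
#    also stops OneDrive/SharePoint sync and Copilot itself for Excel. Scope it
#    (-RemoteAddress, -RemotePort, -Profile) to what your environment tolerates.
$ruleName = 'Interim: block Excel outbound'   # placeholder name
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName `
        -Direction Outbound -Program $excel -Action Block -Profile Any -Enabled True `
        -Description 'Temporary mitigation pending the CVE-2026-26144 fix; remove after patching' | Out-Null
}

# Log the connections the rule drops (Security event 5157) so rule hits are visible.
auditpol /set /subcategory:"Filtering Platform Connection" /failure:enable | Out-Null

# 2. Monitor network requests Excel has made in the last 24 hours (Sysmon Event 3),
#    grouped by destination, to spot egress that spreadsheet work does not explain.
$since = (Get-Date).AddHours(-24)
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 3; StartTime = $since
} -ErrorAction SilentlyContinue

$excelEgress = foreach ($ev in $events) {
    $data = @{}
    foreach ($d in ([xml]$ev.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    if ($data.Image -ieq $excel) {
        [pscustomobject]@{
            Time = $ev.TimeCreated
            User = $data.User
            Host = $data.DestinationHostname
            Ip   = $data.DestinationIp
            Port = $data.DestinationPort
        }
    }
}

$excelEgress | Group-Object Host, Ip, Port | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# Connections the new rule has already blocked (Security 5157), filtered to Excel.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5157; StartTime = $since } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match '(?i)\\excel\.exe' } |
    Select-Object TimeCreated, Message | Format-List

# 3. Disabling or limiting Copilot Agent is a tenant/Office policy change made in the
#    admin center, not something this script does. After patching, remove the rule:
#    Remove-NetFirewallRule -DisplayName $ruleName
```

The destination summary is the useful output: a handful of Microsoft 365 endpoints is normal for a Copilot-enabled Excel, while connections to arbitrary hosts on unusual ports from a user who was only opening a spreadsheet are what the advisory's "unintended network egress" would look like.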
Two known … but not under exploitation
The two Microsoft bugs listed as publicly known but not exploited at the time of disclosure are CVE-2026-26127, an out-of-bounds read in .NET that allows an unauthorized attacker to deny service over a network, and CVE-2026-21262, an improper access control flaw in SQL Server that allows an authorized attacker to elevate privileges over a network. Despite the public disclosure, Redmond deems exploitation of the .NET bug "unlikely," and says the SQL Server flaw is "less likely" to be exploited in the wild.
Of the eight critical-rated CVEs, two – CVE-2026-26110 and CVE-2026-26113 – are Office remote code execution bugs that can be triggered via the Preview Pane, meaning a user may not need to fully open a malicious file for an attacker to exploit the system.
Beware the Preview Pane
“When a simple document preview can trigger code execution, attackers gain a doorway directly into the system,” Jack Bicer, director of vulnerability research at Action1, told The Register.
As Childs notes, Preview Pane-triggerable bugs have become increasingly common over the last year. "It's just a matter of time until they start appearing in active exploits," he said.
CVE-2026-26110 is a type confusion flaw in Microsoft Office that allows a remote attacker to execute code locally. Type confusion occurs when an application accesses an object as if it were of a different, incompatible type, so memory laid out for one type is read or written as another; a value that was just an integer in a document can end up being treated as a pointer.
CVE-2026-26113 is caused by an untrusted pointer dereference flaw in Microsoft Office, which also allows remote attackers to execute code locally. “The issue occurs when Microsoft Office improperly handles memory pointers, potentially allowing an attacker to manipulate how the application accesses memory,” Bicer said. ®
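As an added illustration of the two bug classes behind CVE-2026-26110 and CVE-2026-26113 (this is example code written for this page, not Office code and not anything from the advisories; the cell layout, the "file" bytes, the offset format and all function names are constructed): a tagged union whose accessor skips the tag check, so an integer an attacker placed in a document comes back as a pointer, beside an accessor that checks the tag; and a parser that turns a file-supplied offset into a pointer with and without bounds checking.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Constructed document "cell": either an integer or a string. */
enum cell_kind { KIND_INT = 1, KIND_STR = 2 };

/* Tagged union: the pattern a type confusion bug subverts. */
typedef struct {
    enum cell_kind kind;
    union {
        int64_t     ival;  /* meaningful only when kind == KIND_INT */
        const char *sval;  /* meaningful only when kind == KIND_STR */
    } u;
} cell_t;

/* Attacker-chosen integer stored in a KIND_INT cell (constructed value). */
#define CONFUSED_VALUE 0x4141414141414141LL

/* Vulnerable accessor: assumes the cell holds a string without checking the
 * tag. On a KIND_INT cell the integer payload is read back as a pointer, so
 * whoever controls the integer controls where the next dereference lands. */
const char *cell_as_string_vuln(const cell_t *c)
{
    return c->u.sval;
}

/* Hardened accessor: the tag is checked before the union member is read. */
const char *cell_as_string_safe(const cell_t *c)
{
    if (c == NULL || c->kind != KIND_STR)
        return NULL;
    return c->u.sval;
}

/* Untrusted pointer dereference, file-format style: a record carries an
 * offset that the parser converts into a pointer into the file buffer. */
int read_u32_at_vuln(const uint8_t *buf, uint64_t off, uint32_t *out)
{
    memcpy(out, buf + off, sizeof *out);  /* off comes straight from the file */
    return 0;
}

/* Hardened: the offset is validated against the buffer length first. The
 * subtraction form avoids the overflow in "off + 4 > len" for huge offsets. */
int read_u32_at_safe(const uint8_t *buf, size_t len, uint64_t off, uint32_t *out)
{
    if (buf == NULL || out == NULL)
        return -1;
    if (off > len || (uint64_t)len - off < sizeof *out)
        return -1;
    memcpy(out, buf + off, sizeof *out);
    return 0;
}

/* Raw pointer value the vulnerable accessor yields for an attacker's int cell.
 * The value is only inspected, never dereferenced. */
uintptr_t confused_pointer_value(void)
{
    cell_t num = { .kind = KIND_INT, .u.ival = CONFUSED_VALUE };
    return (uintptr_t)cell_as_string_vuln(&num);
}

/* Number of out-of-range offsets the hardened reader rejects from a
 * constructed 8-byte "file" (all four of them). */
int rejected_offsets(void)
{
    static const uint8_t file[8] = { 1, 2, 3, 4, 5, 6, 7, 8 };  /* constructed */
    const uint64_t bad[] = { 5, 8, 1000, UINT64_MAX };
    uint32_t v;
    int rejected = 0;
    for (size_t i = 0; i < sizeof bad / sizeof bad[0]; i++)
        if (read_u32_at_safe(file, sizeof file, bad[i], &v) == -1)
            rejected++;
    return rejected;
}

int main(void)
{
    cell_t str = { .kind = KIND_STR, .u.sval = "hello" };
    cell_t num = { .kind = KIND_INT, .u.ival = CONFUSED_VALUE };

    printf("vuln accessor on int cell -> %#llx\n",
           (unsigned long long)confused_pointer_value());
    printf("safe accessor on int cell -> %s\n",
           cell_as_string_safe(&num) ? "pointer" : "NULL");
    printf("safe accessor on str cell -> %s\n", cell_as_string_safe(&str));
    printf("out-of-range offsets rejected: %d of 4\n", rejected_offsets());
    return 0;
}
```

The vulnerable accessor and reader are never given the attacker's input at runtime here; the point is the shape of the defect. In a real document parser the integer in the int cell, or the offset in the record, is what the malicious file supplies, and rendering a preview is enough to reach the code path that trusts it.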