Microsoft Office users: urgent security alert from CERT-In
CERT-In (Indian Computer Emergency Response Team) issued an alert about Microsoft Office memory-handling vulnerabilities.
These bugs—CVE-2026-20952 and CVE-2026-20953—are Microsoft Office remote code execution vulnerabilities that can let attackers take control of your computer if you open or even just preview a dodgy file.
Microsoft patched them on January 13, so updates are out now.
What's the risk?
If you use Outlook's Preview Pane, attackers could run code on your system without you clicking anything.
This affects anyone using Office 2016 or newer.
It's all about tricking people into opening the wrong file—pretty sneaky stuff.
How to stay safe
Update your Office apps ASAP using Windows Update or the Microsoft Download Center.
For extra peace of mind, turn off the Preview Pane in Outlook until you're sure you're protected.
Why this matters
People rely on Office every day for work and school, so skipping these updates is risky business.
Quick action now means less chance of getting caught by hackers exploiting these flaws.