Office applications

Winsage
July 14, 2026
Microsoft's July 2026 security update addresses 622 vulnerabilities, with 57 classified as "critical." Two critical vulnerabilities, CVE-2026-56155 (Active Directory Federation Services) and CVE-2026-56164 (Microsoft SharePoint Server), have been exploited in the wild. The critical vulnerabilities include 48 remote code execution (RCE) vulnerabilities, seven elevation of privilege (EoP) vulnerabilities, one spoofing vulnerability, and one security feature bypass vulnerability. RCE vulnerabilities affect various Microsoft services, including Windows Media, Microsoft Office, and SQL Server, with eleven rated as "more likely" to be exploited. Additional important vulnerabilities include CVE-2026-49170, CVE-2026-49795, and CVE-2026-50325. Talos is releasing a new Snort ruleset to detect these vulnerabilities, and Cisco Security Firewall customers are advised to update their ruleset.
Winsage
July 14, 2026
Microsoft released its July 2026 Patch Tuesday cumulative updates for Windows 11, addressing numerous security vulnerabilities and enhancing Secure Boot functionalities. The updates include: - KB5101650 for Windows 11 25H2 and 24H2, updating systems to builds 26200.8875 and 26100.8875. - KB5101649 for Windows 11 26H1, updating devices to build 28000.2525. The release addresses a total of 622 Microsoft Common Vulnerabilities and Exposures (CVEs), including: - 416 vulnerabilities in Windows. - Fixes for Microsoft Office, Edge, Exchange Server, SharePoint Server, SQL Server, Defender, and Azure services. Key vulnerabilities fixed include: - CVE-2026-50661: A BitLocker Security Feature Bypass vulnerability. - CVE-2026-56155: An AD FS Elevation of Privilege vulnerability that has been exploited. - CVE-2026-56164: A SharePoint Server Elevation of Privilege vulnerability. The updates also introduce new Secure Boot certificates, rectify issues from previous patches affecting third-party applications, and incorporate curl 8.21.0 for security improvements. Users are advised to back up data before installation, which requires a system reboot.
Winsage
July 3, 2026
Microsoft promoted the Copilot key on social media, branding it as a button with “main character energy,” despite acknowledging that it has negatively impacted productivity for some users. The company plans to allow remapping of the key in an upcoming Windows 11 update. User reactions to the promotion were largely critical, with many expressing dissatisfaction and calling for the removal of the Copilot key. Microsoft had previously admitted that the key caused disruptions in productivity and accessibility workflows. Additionally, only 3.3% of Microsoft 365 users are paying for Copilot, indicating low adoption. Microsoft has distanced its flagship products from the Copilot branding and users have reported preferring alternatives like ChatGPT and Claude over Copilot.
Winsage
July 1, 2026
By December 2026, support for Microsoft Store versions of Office applications will cease, and they will no longer receive security updates. New feature updates for Microsoft 365 Apps installed via the Microsoft Store stopped in October 2025. Users are encouraged to transition to Click-to-Run versions to maintain access to updates and security features. Click-to-Run allows for immediate application usability while downloading in the background and updates automatically. The Office Deployment Tool (ODT) can assist users in transitioning to Click-to-Run versions.
Winsage
June 28, 2026
Microsoft has resumed the automatic installation of the Microsoft 365 Copilot app on eligible commercial Windows 11 devices that use Microsoft 365 desktop applications. The rollout began in mid-June 2026 and is expected to continue into early July. The app is delivered through the Office updater and is enabled by default, requiring organizations to opt out if they do not want it. This initiative excludes countries within the European Economic Area due to stricter regulations. The move aims to simplify access to AI tools but has faced criticism regarding user consent and control over software installations.
Winsage
June 24, 2026
Microsoft is addressing a bug in Windows that affects the Recycle Bin functionality, where the confirmation prompt for permanently deleting files shows internal system filenames instead of the actual file names. This issue impacts all supported versions of Windows 11 and occurs when users attempt to delete files from the Recycle Bin. The Recycle Bin itself displays the correct file names, and file restoration works properly. The bug emerged after the June 9 Patch Tuesday updates and affects Windows 11 versions 23H2 through 26H1 and Windows Server versions from 2012 to 2025. Microsoft is working on a fix for this issue, which will be included in an upcoming update. Additionally, other issues have been reported following the updates, including problems with launching Office applications and stability issues like system crashes and BitLocker recovery prompts.
Winsage
June 20, 2026
Microsoft is offering a lifetime license for Microsoft Office Professional 2021 for Windows at a price of .97, an 86% discount from the regular price of 9.99, as part of their Deal Days event running until June 28. This one-time purchase provides permanent access to essential Office applications, including Word, Excel, PowerPoint, and Outlook, without recurring fees. The software is tied to a single Windows PC and includes instant license delivery and complimentary customer support.
Winsage
June 19, 2026
Microsoft released Patch Tuesday updates for Windows 11, specifically KB5094126 and KB5093998, along with dynamic updates KB5094149, KB5095971, and KB5094156. Two issues have been acknowledged: malfunctioning Office applications and complications with the Recycle Bin. In July 2025, Microsoft changed the default settings of Windows 11 to JScript9Legacy in versions 24H2 and later, continuing with version 25H2 in October 2025. This change aimed to enhance security by addressing vulnerabilities related to legacy scripting, particularly cross-site scripting (XSS). A support article details a compatibility issue arising from the transition from jscript9.dll to jscript9legacy.dll, which affects how JScript manages execution context. Functions and definitions established by one script are no longer accessible to subsequent scripts, leading to failures in legacy applications. To address this, Microsoft released the KB5077241 update, which requires manual activation of persistent JScript execution context through a Registry setting. The steps to implement this solution involve creating a feature control registry key and configuring a DWORD value for specific processes or all processes.
Search