- Microsoft's latest Patch Tuesday release fixes 83 flaws
- Including an Excel bug which enables AI-driven zero-click data theft
- Update urged to block exfiltration via Copilot assistant
The March 2026 Patch Tuesday release from Microsoft has fixed a high-severity vulnerability in Excel, which combines good old cross-site scripting (XSS) with indirect prompt injection for data exfiltration via Artificial Intelligence (AI).
Since AI gave an old vulnerability a new twist, some security researchers described it as “fascinating” - and it being a “zero-click” attack didn’t help, either.
In its security advisory, Microsoft described the bug as an “improper neutralization of input” vulnerability which happens during web page generation, allowing unauthorized attackers to disclose information over a network. It is now tracked as CVE-2026-26144 and was given a severity score of 7.5/10 (high).
Patches and workarounds
The bug revolves around Excel improperly neutralizing input. Usually, when a threat actor sends an Excel file containing a malicious link or similar, the program should neutralize that input by removing the link or deleting malicious content. However, since the program doesn’t do it properly, the input can get executed even if the victim doesn’t actually open the file, but rather just views it in the preview pane.
Now, we add AI to the mix. Newer versions of Excel come with Microsoft’s GenAI assistant, Copilot. If the malicious input tells the AI to exfiltrate sensitive data to a third-party server, and Excel doesn’t neutralize it on time, the task can get executed even from the preview pane.
The best way to go about it is to simply deploy the update. However, if you can’t do that immediately, you could restrict outbound traffic from Office applications and keep a close eye on network requests from Excel processes. Disabling Copilot Agent could help, as well.
While this bug grabbed all the headlines, it’s not the only one being addressed in this month’s patch. In fact, Microsoft cleaned up a total of 83 vulnerabilities, including eight that the software-maker deemed critical.
Via The Register
