
Critical Outlook Flaw: One Email Can Hack Your PC Without Any Click — Update Windows Now

Microsoft has just patched a critical flaw in Outlook and Word — CVE-2026-40361. What makes it particularly dangerous: you don't need to click on anything at all. A hacker simply needs to send you a specially crafted email, and your computer can be hacked just by previewing it. The fix exists — but if you haven't updated Windows, you are vulnerable right now.
  • 8.4: CVSS severity score ("High severity")
  • 120: flaws patched by Microsoft this month
  • 0: clicks needed (the flaw triggers itself)
🔔 Do this now: Go to Windows Settings → Windows Update → Check for updates → Install all. This takes 10 minutes and keeps you safe.

📧 How does this flaw work?

CVE-2026-40361 is a "zero-click" flaw — meaning it requires no action on your part to hack you. Here's what happens:

  • A hacker sends you an email containing a specially crafted Word or RTF document
  • As soon as the email appears in your Outlook preview pane — even without opening it — the flaw triggers
  • The hacker can then execute any code on your computer remotely
  • They can install a virus, steal your passwords, encrypt your files (ransomware) or spy on your activity

Security researcher Haifei Li, who discovered and reported the flaw, compared CVE-2026-40361 to a vulnerability he found over 10 years ago — dubbed "BadWinmail" — which he called an "enterprise killer" at the time. He explains: "Anyone could compromise a CEO or CFO just by sending them an email. The threat perfectly bypasses enterprise firewalls and is delivered directly to the inbox."

⚠️ Why this is particularly dangerous
  • The flaw triggers in the preview pane — no need to open the email
  • It bypasses antivirus and firewalls — no suspicious attachment to detect
  • It is invisible — you see nothing unusual
  • Microsoft rates it "exploitation more likely" — hackers will attempt to use it
  • It affects Outlook and Word — two of the most widely used software products in the world

💻 Which versions are affected?

The flaw affects all these versions of Microsoft Office:

📧 Microsoft 365 (subscription)
📄 Office 2024
📄 Office 2021
📄 Office 2019
📄 Office 2016
🖥️ Exchange Server

In short: if you use Outlook or Word on Windows, you are potentially affected.

✅ How to protect yourself — step by step

  1. Update Windows now: Start → Settings → Windows Update → Check for updates → Install all. Restart if prompted. This is the only real protection.
  2. Update Microsoft Office / Microsoft 365: in Word or Outlook, File → Account → Update Options → Update Now. If you have Microsoft 365, updates are normally automatic.
  3. Meanwhile, disable the preview pane in Outlook: View → Reading Pane → Off. This reduces the risk while waiting for the update.
  4. Configure Outlook to plain text only: File → Options → Trust Center → Trust Center Settings → Email Security → Read all standard mail in plain text.
  5. Alert your family and colleagues: if family members or colleagues use Outlook, share this article — they may be vulnerable without knowing it.
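
For anyone managing several PCs, the plain-text setting from step 4 and the installed Office build from step 2 can be checked from PowerShell. The script below is an added example, not code from this article or from Microsoft. It assumes the per-user registry values `ReadAsPlain` and `ReadSignedAsPlain` under the Office `16.0` key, and it only reports the build, because the article does not give a patched build number to compare against.

```powershell
# Added example (not from the article or Microsoft). Run it with Outlook closed.
# Assumption: Office 2016/2019/2021/2024 and Microsoft 365 all use the "16.0" key.
param([switch]$Enforce)   # -Enforce writes the per-user values; default is audit only

$prefPath   = 'HKCU:\Software\Microsoft\Office\16.0\Outlook\Options\Mail'
$policyPath = 'HKCU:\Software\Policies\Microsoft\Office\16.0\Outlook\Options\Mail'
$c2rPath    = 'HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\Configuration'
$names      = 'ReadAsPlain', 'ReadSignedAsPlain'   # standard mail, signed mail

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

function Get-PlainTextSetting {
    param([string]$Name)
    # A Group Policy value, when present, wins over the user's own preference.
    $source = 'NotSet'
    $value  = 0
    $pref   = Get-RegValue -Path $prefPath   -Name $Name
    $policy = Get-RegValue -Path $policyPath -Name $Name
    if ($null -ne $pref)   { $source = 'UserPreference'; $value = $pref }
    if ($null -ne $policy) { $source = 'Policy';         $value = $policy }
    [pscustomobject]@{ Setting = $Name; Source = $source; PlainText = ($value -eq 1) }
}

if ($Enforce) {
    # Create the key if Outlook has never written it, then set both DWORD values.
    if (-not (Test-Path $prefPath)) { New-Item -Path $prefPath -Force | Out-Null }
    foreach ($n in $names) {
        Set-ItemProperty -Path $prefPath -Name $n -Value 1 -Type DWord
    }
}

$names | ForEach-Object { Get-PlainTextSetting -Name $_ }

# Click-to-Run installs record their build here; MSI installs do not have this key.
$build = Get-RegValue -Path $c2rPath -Name 'VersionToReport'
if ($build) { "Office Click-to-Run build: $build (compare with Microsoft's advisory)" }
if (-not $build) { 'No Click-to-Run build found (MSI install or Office absent)' }
```

A row with `Source = Policy` and `PlainText = False` means an administrator policy is overriding the user's choice, so `-Enforce` will not change what Outlook does on that machine.
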
✅ Good news — the fix exists
  • Microsoft published the fix in the May 2026 Patch Tuesday
  • The flaw is not yet exploited in the wild — you still have time to protect yourself
  • The update is free and automatic via Windows Update
  • Once updated, you are protected against this specific flaw

❓ Frequently asked questions

To date, Microsoft confirms the flaw is not yet exploited in the wild. That's good news — but Microsoft rates it "exploitation more likely", meaning hackers will attempt to use it soon. Update Windows now while you still have time.
Go to Windows Settings → Windows Update → Check for updates. Install all available updates, especially the May 2026 cumulative update. For Microsoft 365, updates happen automatically if you have enabled automatic updates in Office settings.
The flaw affects Microsoft 365, Office 2024, Office 2021, Office 2019 and Office 2016. All these versions received a fix in the May 2026 Patch Tuesday. Check that your updates are installed.
While waiting for the update, configure Outlook to display emails in plain text only — this reduces the risk. Also disable the preview pane in Outlook. But the only real protection is installing the May 2026 fix.
