Ethical Hacking News
Critical Microsoft Excel Bug Exposed: How AI-Powered Copilot Agent Became a Zero-Click Threat to Sensitive Data
A newly disclosed vulnerability in Microsoft Excel's AI-powered Copilot Agent mode has raised alarm among security researchers, who warn that it could be exploited to steal sensitive personal and financial data in a zero-click attack. The bug, tracked as CVE-2026-26144 and fixed in this week's Patch Tuesday update, is rated critical: it is an information disclosure flaw that can be exploited to cause Copilot Agent mode to exfiltrate data via unintended network egress, so the agent itself, rather than a duped user, moves the data off the machine.
Because nothing has to be clicked, the victim has no obvious signal that anything happened. The rest of this article covers what is known about the bug, the vendor commentary, the interim mitigations, and the other notable fixes in the same update.
According to Dustin Childs of Trend Micro's Zero Day Initiative, the vulnerability "is fascinating" because it has an AI-attack component: the exploit turns the assistant's own network activity into the leak. Exploitation requires network access, but no user interaction and no privilege escalation, so malicious actors could pull confidential information out of internal systems without triggering obvious alerts.
"This is an attack scenario we're likely to see more often," Childs noted in a statement. "Information disclosure vulnerabilities are especially dangerous in corporate environments where Excel files often contain financial data, intellectual property, or operational records."
Alex Vovk, CEO and co-founder of Action1, echoed the concern: "Information disclosure vulnerabilities are especially dangerous in corporate environments. If exploited, attackers could steal sensitive data without triggering obvious alerts."
To reduce exposure while the fix is rolled out, experts recommend restricting outbound network traffic from Office applications to the endpoints they legitimately need, monitoring for unusual network requests originating from Excel processes, and disabling or limiting Copilot Agent mode until the update is applied.
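As an added example (not code from the article or from any of the vendors quoted in it), the following Python implements the second recommendation, monitoring unusual network requests from Excel, as a detection rule run over Sysmon Event ID 3 (NetworkConnect) records in JSON-lines form. The sample events, the allowlist of Microsoft 365 host suffixes and the set of monitored Office binaries are constructed assumptions that must be tuned to the environment; the rule is also generalised beyond Excel to Word, PowerPoint and Outlook, since the same egress logic applies to any Office process that can be driven by an agent.

```python
"""Flag network egress from Office processes that falls outside an expected allowlist.

Input: Sysmon Event ID 3 (NetworkConnect) records as JSON lines, the shape a
Winlogbeat-style Sysmon-to-JSON forwarder emits. The records below are constructed
for this example; the allowlist and the set of monitored images are assumptions
that must be tuned to the environment (on-prem SharePoint, proxies, etc.).
"""
import ipaddress
import json
from dataclasses import dataclass
from typing import List, Optional

# Office binaries whose outbound connections this rule scrutinises (assumption).
OFFICE_IMAGES = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}

# Destination name suffixes treated as expected Microsoft 365 / Copilot traffic (assumption).
ALLOWED_HOST_SUFFIXES = (
    ".office.com", ".office365.com", ".microsoftonline.com",
    ".microsoft.com", ".sharepoint.com", ".live.com", ".cloud.microsoft",
)
WEB_PORTS = {80, 443}

# Explicit internal ranges rather than ipaddress.is_private, which also treats the
# RFC 5737 documentation ranges used in the sample data as non-public.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "fc00::/7", "::1/128", "fe80::/10",
)]


@dataclass
class Alert:
    utc_time: str
    user: str
    image: str
    destination: str
    port: int
    reason: str


def _is_internal(ip: str) -> bool:
    """True for RFC 1918 / link-local / loopback addresses; False for junk input."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in INTERNAL_NETS)


def evaluate(record: dict) -> Optional[Alert]:
    """Return an Alert for an Office process connecting outside the allowlist, else None."""
    image = record.get("Image", "").replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if image not in OFFICE_IMAGES:
        return None  # not an Office process; out of scope for this rule

    host = (record.get("DestinationHostname") or "").lower().rstrip(".")
    ip = record.get("DestinationIp", "")
    port = int(record.get("DestinationPort", 0) or 0)

    if host and host.endswith(ALLOWED_HOST_SUFFIXES):
        return None  # expected Microsoft 365 endpoint
    if _is_internal(ip):
        # On-prem file shares and SharePoint make this constant noise; cover
        # internal-to-internal movement with a separate rule instead.
        return None

    reason = "Office process egress to public destination outside allowlist"
    if port not in WEB_PORTS:
        reason += f" on non-web port {port}"
    return Alert(utc_time=record.get("UtcTime", ""), user=record.get("User", ""),
                 image=image, destination=host or ip, port=port, reason=reason)


def scan(lines: List[str]) -> List[Alert]:
    """Evaluate each JSON line; skip lines that are not valid JSON objects."""
    alerts = []
    for line in lines:
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(record, dict):
            alert = evaluate(record)
            if alert:
                alerts.append(alert)
    return alerts


# Constructed sample events (not real telemetry): the third and fourth should be flagged.
_EXCEL = "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE"
SAMPLE_EVENTS = [json.dumps(e) for e in (
    {"EventID": 3, "UtcTime": "2026-03-10 14:02:11.101", "User": "CORP\\alice", "Image": _EXCEL,
     "DestinationHostname": "login.microsoftonline.com", "DestinationIp": "20.190.151.7", "DestinationPort": 443},
    {"EventID": 3, "UtcTime": "2026-03-10 14:02:13.480", "User": "CORP\\alice", "Image": _EXCEL,
     "DestinationHostname": "", "DestinationIp": "10.20.30.40", "DestinationPort": 445},
    {"EventID": 3, "UtcTime": "2026-03-10 14:02:19.932", "User": "CORP\\alice", "Image": _EXCEL,
     "DestinationHostname": "", "DestinationIp": "203.0.113.7", "DestinationPort": 443},
    {"EventID": 3, "UtcTime": "2026-03-10 14:02:20.004", "User": "CORP\\alice", "Image": _EXCEL,
     "DestinationHostname": "files.example.net", "DestinationIp": "198.51.100.23", "DestinationPort": 8443},
    {"EventID": 3, "UtcTime": "2026-03-10 14:02:21.771", "User": "CORP\\alice",
     "Image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe",
     "DestinationHostname": "", "DestinationIp": "203.0.113.7", "DestinationPort": 443},
)]

if __name__ == "__main__":
    for a in scan(SAMPLE_EVENTS):
        print(f"{a.utc_time} {a.user} {a.image} -> {a.destination}:{a.port}  {a.reason}")
```

The rule treats a missing DestinationHostname as suspicious whenever the address is public, so it will also flag legitimate Microsoft endpoints that Sysmon could not reverse-resolve; correlating with Sysmon Event ID 22 (DNS query) by process GUID removes most of that noise. Blocking rather than merely alerting belongs in the host firewall, where an outbound rule scoped to EXCEL.EXE and restricted to the same allowlist enforces the first recommendation.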
Two other bugs in this month's batch were publicly disclosed before the patch but are not known to be under exploitation. CVE-2026-26127 is an out-of-bounds read in .NET that allows an unauthorized attacker to deny service over a network; despite the public disclosure, Redmond deems "exploitation unlikely."
CVE-2026-21262 is an improper access control flaw in SQL Server that allows an authorized attacker to elevate privileges over a network. Microsoft rates this one as "less likely" to be exploited in the wild.
Two further critical-rated bugs sit in Microsoft Office itself: CVE-2026-26110 is a type confusion flaw and CVE-2026-26113 an untrusted pointer dereference, both of which Microsoft classes as remote code execution with a local attack vector, meaning an attacker delivers a crafted document and code runs when it is opened or, in some cases, merely previewed.
Office memory-safety bugs of this kind have turned up month after month over the last year, and researchers warn that it is only a matter of time before one appears in active exploitation.
"It's like a doorway directly into the system," said Jack Bicer, director of vulnerability research at Action1. "When a simple document preview can trigger code execution, attackers gain a doorway directly into the system."
The disclosure underlines the need to apply updates promptly and to treat an AI assistant that can reach the network as part of the attack surface when hardening Office deployments.
In related news, hackers have been exploiting vulnerabilities in WordPress sites to push infostealers via fake CAPTCHA prompts. Additionally, an AI-powered chatbot was hacked by attackers who gained full read-write access in just two hours.
As companies continue to rely on Microsoft's tools to manage their data, they should patch these vulnerabilities promptly rather than wait for proof of in-the-wild exploitation, since an information disclosure bug that needs no user interaction leaves few traces once it is abused.
Related Information:
https://www.ethicalhackingnews.com/articles/Critical-Microsoft-Excel-Bug-Exposed-How-AI-Powered-Copilot-Agent-Became-a-Zero-Click-Threat-to-Sensitive-Data-ehn.shtml
https://www.theregister.com/2026/03/10/zeroclick_microsoft_info_disclosure_bug/
https://securityshelf.com/2026/03/10/critical-microsoft-excel-bug-weaponizes-copilot-agent-for-zero-click-information-disclosure-attack/
https://nvd.nist.gov/vuln/detail/CVE-2026-26144
https://www.cvedetails.com/cve/CVE-2026-26144/
https://nvd.nist.gov/vuln/detail/CVE-2026-26127
https://www.cvedetails.com/cve/CVE-2026-26127/
https://nvd.nist.gov/vuln/detail/CVE-2026-21262
https://www.cvedetails.com/cve/CVE-2026-21262/
https://nvd.nist.gov/vuln/detail/CVE-2026-26110
https://www.cvedetails.com/cve/CVE-2026-26110/
https://nvd.nist.gov/vuln/detail/CVE-2026-26113
https://www.cvedetails.com/cve/CVE-2026-26113/
Published: Tue Mar 10 16:38:49 2026 by llama3.2 3B Q4_K_M