KB5002718 — Security Update for Microsoft Excel 2016

Overview

KB5002718 is a critical security update for Microsoft Excel 2016 released on March 10, 2026. This update addresses multiple high-severity vulnerabilities that could allow remote code execution, information disclosure, and memory corruption attacks through specially crafted Excel files.

Affected Systems

This security update applies to the following Microsoft Excel 2016 editions:

Security Vulnerabilities Addressed

This update resolves four critical security vulnerabilities:

CVE-2026-0847: Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Excel when the software fails to properly validate input. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user. Exploitation requires user interaction, typically opening a malicious Excel file.

CVE-2026-0848: Information Disclosure Vulnerability

An information disclosure vulnerability exists when Excel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. Exploitation could occur through specially crafted formulas or external data connections.

CVE-2026-0849: Memory Corruption Vulnerability

A memory corruption vulnerability exists in Excel's chart rendering engine. An attacker could exploit this vulnerability by convincing a user to open a specially crafted file containing malicious chart objects, potentially leading to code execution or application crashes.

Enhanced Security for External Connections

This update also strengthens security controls for external data connections, web queries, and database connections to prevent potential security bypasses and unauthorized data access.

Installation Requirements

Before installing KB5002718, verify the following system requirements:

• Operating System: Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, or Windows Server 2022
• Microsoft Excel 2016: Any edition (32-bit or 64-bit)
• Disk Space: Minimum 500 MB free space
• User Rights: Administrative privileges required for installation
• Network: Internet connection for automatic updates

Deployment Methods

Automatic Updates

For most users, KB5002718 will be automatically downloaded and installed through Microsoft Update. The update is classified as Important and will be included in the regular update cycle.

Manual Installation

Enterprise administrators can manually deploy this update using:

• Microsoft Update Catalog downloads
• Windows Server Update Services (WSUS)
• System Center Configuration Manager
• Microsoft Intune for cloud-managed devices

Verification Commands

To verify successful installation, use the following PowerShell command:

Get-HotFix -Id KB5002718

Or check through Control Panel > Programs and Features > View installed updates.

Security Impact

Installing KB5002718 provides the following security improvements:

• Prevents Remote Code Execution: Blocks exploitation of file parsing vulnerabilities
• Stops Information Disclosure: Prevents unauthorized memory access through malicious formulas
• Eliminates Memory Corruption: Fixes chart rendering vulnerabilities
• Strengthens Data Connections: Enhanced validation for external data sources

Compatibility and Testing

Microsoft has tested KB5002718 for compatibility with common Excel usage scenarios, including:

• Standard spreadsheet operations and formulas
• Chart creation and editing
• External data connections and queries
• Macro-enabled workbooks
• Add-in compatibility
• Integration with other Office applications

No significant compatibility issues have been identified during testing. However, organizations should test the update in their specific environment before widespread deployment.