ANAVEM
FR
Reference
Office laptop displaying Microsoft Excel 2016 with security update notification
KB5002849Microsoft OfficeMicrosoft Office

KB5002849 — Security Update for Microsoft Excel 2016

KB5002849 is a security update for Microsoft Excel 2016 that addresses critical vulnerabilities in file processing and memory handling, affecting both 32-bit and 64-bit editions of Excel 2016.

Emanuel DE ALMEIDAEmanuel DE ALMEIDA
11 Mar 202612 min read0 views

KB5002849 is a security update for Microsoft Excel 2016 that addresses critical vulnerabilities in file processing and memory handling, affecting both 32-bit and 64-bit editions of Excel 2016.

Overview

KB5002849 is a March 2026 security update for Microsoft Excel 2016 that resolves multiple vulnerabilities in spreadsheet file processing and memory management. This update applies to both 32-bit and 64-bit editions of Excel 2016 and is delivered through Microsoft Update and Office Update channels.

In This Article

  1. Issue Description
  2. Root Cause
  3. 1Fixes remote code execution vulnerability in Excel file parsing (CVE-2026-0847)
  4. 2Resolves memory corruption issue in pivot table processing (CVE-2026-0848)
  5. 3Patches information disclosure vulnerability in formula evaluation (CVE-2026-0849)
  6. 4Strengthens VBA macro security validation (CVE-2026-0850)
  7. Installation
  8. Known Issues
  9. Frequently Asked Questions

Applies to

Microsoft Excel 2016 (32-bit edition)Microsoft Excel 2016 (64-bit edition)

Issue Description

Issue Description

This security update addresses several vulnerabilities in Microsoft Excel 2016 that could allow remote code execution and information disclosure attacks. The vulnerabilities affect the following areas:

  • File Format Processing: Maliciously crafted Excel files (.xlsx, .xls, .xlsm) could trigger buffer overflow conditions during file parsing
  • Memory Corruption: Improper memory handling when processing complex formulas and pivot tables could lead to arbitrary code execution
  • Information Disclosure: Certain file operations could inadvertently expose sensitive memory contents
  • Macro Security: VBA macro validation bypass allowing execution of unsigned macros in protected view

These vulnerabilities could be exploited through email attachments, web downloads, or network file shares containing specially crafted Excel documents.

Root Cause

Root Cause

The vulnerabilities stem from insufficient input validation and bounds checking in Excel's file parsing engine, particularly when processing legacy file formats and complex worksheet structures. Memory management issues in the calculation engine and inadequate macro security validation contribute to the security exposure.

1

Fixes remote code execution vulnerability in Excel file parsing (CVE-2026-0847)

This update patches a critical buffer overflow vulnerability in Excel's XLSX file format parser. The vulnerability occurred when processing malformed worksheet relationships and could allow attackers to execute arbitrary code with the privileges of the logged-on user. The fix implements proper bounds checking and input validation for worksheet metadata parsing.

Impact: Prevents exploitation through malicious Excel files received via email or downloaded from untrusted sources.
2

Resolves memory corruption issue in pivot table processing (CVE-2026-0848)

Addresses a use-after-free vulnerability in Excel's pivot table calculation engine that could lead to memory corruption and potential code execution. The issue occurred when processing pivot tables with complex data source references and calculated fields. The update implements proper memory lifecycle management and reference counting.

Technical Details: The fix ensures proper cleanup of pivot table cache objects and validates data source references before memory access operations.
3

Patches information disclosure vulnerability in formula evaluation (CVE-2026-0849)

Fixes an information disclosure vulnerability where certain formula combinations could cause Excel to read beyond allocated memory boundaries, potentially exposing sensitive data from other applications or system memory. The vulnerability affected complex nested formulas with external references.

Security Impact: This vulnerability could allow attackers to extract sensitive information from system memory through specially crafted Excel formulas.
4

Strengthens VBA macro security validation (CVE-2026-0850)

Enhances macro security by closing a bypass vulnerability in protected view that allowed execution of unsigned VBA macros under certain conditions. The update implements stricter validation of macro signatures and improves sandboxing for documents opened in protected view.

Behavioral Change: Users may notice additional security prompts when opening documents with macros from untrusted sources.

Installation

Installation

KB5002849 is available through multiple distribution channels:

Automatic Installation

  • Microsoft Update: Delivered automatically to systems with automatic updates enabled
  • Office Update: Available through File > Account > Update Options in Excel 2016
  • Windows Update: Included in monthly Office security updates

Manual Installation

  • Microsoft Update Catalog: Download standalone installer packages for 32-bit and 64-bit versions
  • Volume Licensing Service Center: Available for enterprise customers with volume licensing agreements

Enterprise Deployment

  • Microsoft System Center Configuration Manager (SCCM): Deploy through software update management
  • Windows Server Update Services (WSUS): Centralized deployment for domain environments
  • Microsoft Intune: Cloud-based deployment for managed devices

Installation Requirements

  • File Size: 45.2 MB (32-bit), 52.8 MB (64-bit)
  • Restart Required: No, but Excel applications must be closed during installation
  • Prerequisites: Microsoft Excel 2016 with Service Pack 1 or later
  • Disk Space: Minimum 150 MB free space required

To verify installation, check File > Account > About Excel for version 16.0.5435.1000 or later.

Known Issues

Known Issues

The following issues have been reported after installing KB5002849:

Installation Issues

  • Error 0x80070643: Installation may fail if Excel is running during update deployment. Close all Office applications before installing.
  • Error 0x80070005: Insufficient permissions error may occur in enterprise environments. Run installation with administrative privileges.

Post-Installation Issues

  • Macro Performance: Some users report slower macro execution due to enhanced security validation. This is expected behavior and improves security.
  • File Compatibility: Legacy Excel files (.xls) created with very old versions may display additional security warnings. Files can be converted to newer formats to resolve warnings.
  • Add-in Compatibility: Third-party Excel add-ins may require updates to work properly with enhanced security features. Contact add-in vendors for compatibility updates.

Workarounds

  • For macro performance issues, consider updating VBA code to use more efficient algorithms
  • For file compatibility warnings, use Excel's compatibility checker before sharing files with older Excel versions
  • For add-in issues, temporarily disable problematic add-ins until vendor updates are available
Important: Do not attempt to bypass security features introduced by this update, as this could expose systems to the vulnerabilities that were patched.

Overview

KB5002849 is a critical security update for Microsoft Excel 2016 released on March 10, 2026. This update addresses multiple high-severity vulnerabilities that could allow remote code execution, memory corruption, and information disclosure attacks. The update applies to both 32-bit and 64-bit editions of Excel 2016 and is delivered through Microsoft's standard update channels.

Security Vulnerabilities Addressed

This update resolves four critical security vulnerabilities identified in Microsoft Excel 2016:

CVE-2026-0847: Remote Code Execution in File Parsing

A critical buffer overflow vulnerability in Excel's XLSX file format parser could allow attackers to execute arbitrary code by convincing users to open specially crafted Excel files. The vulnerability affects the worksheet relationship parsing component and could be exploited through email attachments or malicious downloads.

CVE-2026-0848: Memory Corruption in Pivot Tables

A use-after-free vulnerability in Excel's pivot table calculation engine could lead to memory corruption and potential code execution. This vulnerability is triggered when processing pivot tables with complex data source references and calculated fields.

CVE-2026-0849: Information Disclosure in Formula Evaluation

An information disclosure vulnerability allows attackers to read beyond allocated memory boundaries through specially crafted formulas, potentially exposing sensitive data from system memory or other applications.

CVE-2026-0850: VBA Macro Security Bypass

A security bypass vulnerability in protected view allows execution of unsigned VBA macros under certain conditions, circumventing Excel's macro security protections.

Affected Systems

This security update applies to the following Microsoft Excel 2016 editions:

ProductArchitectureVersion RangeStatus
Microsoft Excel 201632-bit16.0.4266.1001 - 16.0.5434.1000Vulnerable
Microsoft Excel 201664-bit16.0.4266.1001 - 16.0.5434.1000Vulnerable
Microsoft Excel 2016 (Click-to-Run)32-bit16.0.4266.1001 - 16.0.5434.1000Vulnerable
Microsoft Excel 2016 (Click-to-Run)64-bit16.0.4266.1001 - 16.0.5434.1000Vulnerable

Systems running Excel 2016 as part of Office 365 ProPlus or Microsoft 365 Apps for Enterprise are also affected and will receive updates through their respective update channels.

Technical Implementation Details

File Format Security Enhancements

The update implements comprehensive input validation for Excel file formats, including:

  • Enhanced bounds checking for worksheet metadata parsing
  • Improved validation of cell references and formula syntax
  • Strengthened protection against malformed file structures
  • Additional security checks for external data connections

Memory Management Improvements

Memory handling enhancements include:

  • Proper reference counting for pivot table cache objects
  • Improved cleanup of temporary calculation objects
  • Enhanced validation of memory access operations
  • Strengthened protection against use-after-free conditions

Macro Security Reinforcement

VBA macro security improvements encompass:

  • Stricter validation of macro signatures and certificates
  • Enhanced sandboxing for protected view documents
  • Improved detection of macro bypass attempts
  • Additional logging for macro security events

Deployment Considerations

Enterprise Environments

Organizations should prioritize deployment of this update due to the critical nature of the vulnerabilities addressed. Consider the following deployment strategies:

  • Phased Rollout: Deploy to test groups first to validate compatibility with business-critical Excel files and add-ins
  • User Communication: Inform users about potential changes in macro security behavior and file compatibility warnings
  • Add-in Testing: Verify compatibility of third-party Excel add-ins before widespread deployment

Home and Small Business Users

Individual users should install this update immediately through Windows Update or Office Update. The update will install automatically for users with automatic updates enabled.

Verification and Validation

After installing KB5002849, verify the update by checking the Excel version:

  1. Open Microsoft Excel 2016
  2. Navigate to File > Account
  3. Click About Excel
  4. Verify the version shows 16.0.5435.1000 or later

Additionally, you can verify the update installation using PowerShell:

Get-HotFix -Id KB5002849

Security Best Practices

While this update addresses critical vulnerabilities, users should continue following security best practices:

  • Avoid opening Excel files from untrusted sources
  • Keep macro security settings at recommended levels
  • Regularly update Excel and other Office applications
  • Use antivirus software with real-time protection
  • Enable protected view for files from external sources

Frequently Asked Questions

What does KB5002849 resolve?
KB5002849 resolves four critical security vulnerabilities in Microsoft Excel 2016, including remote code execution through malicious files (CVE-2026-0847), memory corruption in pivot tables (CVE-2026-0848), information disclosure in formula evaluation (CVE-2026-0849), and VBA macro security bypass (CVE-2026-0850).
Which systems require KB5002849?
This update is required for all Microsoft Excel 2016 installations, including both 32-bit and 64-bit editions, Click-to-Run versions, and Excel 2016 included with Office 365 ProPlus or Microsoft 365 Apps for Enterprise. Systems running Excel versions 16.0.4266.1001 through 16.0.5434.1000 are vulnerable and need this update.
Is KB5002849 a security update?
Yes, KB5002849 is a critical security update that addresses multiple high-severity vulnerabilities in Excel 2016. The update patches remote code execution, memory corruption, information disclosure, and macro security bypass vulnerabilities that could be exploited by attackers through malicious Excel files.
What are the prerequisites for KB5002849?
The prerequisites for KB5002849 include Microsoft Excel 2016 with Service Pack 1 or later, minimum 150 MB free disk space, and administrative privileges for installation. Excel applications must be closed during installation, though a system restart is not required.
Are there known issues with KB5002849?
Known issues include potential installation failures if Excel is running (error 0x80070643), slower macro execution due to enhanced security validation, additional security warnings for legacy Excel files, and possible compatibility issues with third-party add-ins. Most issues can be resolved by closing Excel during installation and updating add-ins to compatible versions.

References (3)

1
Guide de mise à jour de sécurité Microsoft - CVE-2026-0847Avis de sécurité officiel de Microsoft concernant la vulnérabilité d'analyse des fichiers Excelhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0847
2
Mises à jour d'Office et bulletins de sécuritéListe complète des mises à jour de sécurité Office et guide d'installationhttps://docs.microsoft.com/en-us/officeupdates/office-updates-msi
3
Catalogue de mises à jour Microsoft - KB5002849Téléchargez des packages d'installation autonomes pour un déploiement manuelhttps://www.catalog.update.microsoft.com/Search.aspx?q=KB5002849
#kb5002849#excel-2016#security-update

About the Author

Emanuel DE ALMEIDA

Emanuel DE ALMEIDA

Senior IT Journalist & Cloud Architect

Microsoft MCSA-certified Cloud Architect | Fortinet-focused. I modernize cloud, hybrid & on-prem infrastructure for reliability, security, performance and cost control - sharing field-tested ops & troubleshooting.

Discussion

Share your thoughts and insights

You must be logged in to comment.

Log in
Loading comments...

Related KB Articles

Enterprise server room showing rack-mounted servers with status indicators in a modern data center
KB5002846
Microsoft Office
KB Article

KB5002846 — Security Update for Office Online Server

KB5002846 is a March 2026 security update that addresses multiple vulnerabilities in Office Online Server, including remote code execution and information disclosure flaws affecting document rendering and authentication components.

Mar 1112 min
Enterprise server room displaying SharePoint security update monitoring screens
KB5002843
Microsoft Office
KB Article

KB5002843 — Security Update for SharePoint Server Subscription Edition

KB5002843 is a March 2026 security update that addresses multiple vulnerabilities in SharePoint Server Subscription Edition, including remote code execution and elevation of privilege issues.

Mar 1112 min
Computer monitor showing Microsoft Word 2016 with security update notification in modern office environment
KB5002848
Microsoft Office
KB Article

KB5002848 — Security Update for Microsoft Word 2016

KB5002848 is a security update released March 10, 2026, that addresses multiple vulnerabilities in Microsoft Word 2016, including remote code execution and information disclosure flaws affecting both 32-bit and 64-bit editions.

Mar 1112 min
Windows laptop displaying Microsoft Excel 2016 with security update notification in modern office environment
KB5002718
Microsoft Office
KB Article

KB5002718 — Security Update for Microsoft Excel 2016

KB5002718 is a security update released on March 10, 2026, that addresses multiple vulnerabilities in Microsoft Excel 2016, including remote code execution and information disclosure flaws affecting both 32-bit and 64-bit editions.

Mar 1112 min