Ref# ADV2026_171 Microsoft Security Advisory – January | Date: Mar 20th 2026

---

Microsoft published security advisories highlighting vulnerabilities in multiple products on January 13th, 2026. It is recommended that you take the necessary precautions by ensuring your products are always updated. 

• Azure Connected Machine Agent 
• Azure Core shared client library for Python 
• Microsoft 365 Apps for Enterprise 
• Microsoft Excel 2016 
• Microsoft Office 2016 
• Microsoft Office 2019 
• Microsoft Office Deployment Tool 
• Microsoft Office LTSC 2021 
• Microsoft Office LTSC 2024 
• Microsoft Office LTSC for Mac 2021 
• Microsoft Office LTSC for Mac 2024 
• Microsoft SQL Server 2022 
• Microsoft SQL Server 2025 
• Microsoft SharePoint Enterprise Server 2016 
• Microsoft SharePoint Server 2019 
• Microsoft SharePoint Server Subscription Edition 
• Microsoft Word 2016 
• Office Online Server 
• Windows 10 
• Windows 11 
• Windows Admin Center in Azure Portal 
• Windows SDK 
• Windows Server 2008 
• Windows Server 2008 R2 
• Windows Server 2012 
• Windows Server 2012 R2 
• Windows Server 2016 
• Windows Server 2019 
• Windows Server 2022 
• Windows Server 2025 

Update 1
Microsoft published an out-of-band security advisory to address an important vulnerability CVE-2026-21509 on January 26, 2026. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-21509 to their Known Exploited Vulnerabilities (KEV) Database as well, on January 26, 2026. Microsoft has received reports that CVE-2026-20805 and CVE-2026-21509 are being exploited. 

Update 2
Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-20963 to their Known Exploited Vulnerabilities (KEV) Database on March 18, 2026. 

For more information on these updates, you can follow these URL: 

• January 2026 Security Updates 
• Security Update Guide 
• Microsoft Office Security Feature Bypass Vulnerability 
• CISA KEV: CVE-2026-21509 
• CISA KEV: CVE-2026-20963 

The Guyana National CIRT recommends that users and administrators review these updates and apply them where necessary.

PDF Download: Microsoft_Security_Advisory

References 

• January 2026 Security Updates. (n.b.). Retrieved from Microsoft Edge. https://msrc.microsoft.com/update-guide/releaseNote/2026-Jan
• Security Update Guide. (n.b.). Retrieved from Microsoft Edge. https://msrc.microsoft.com/update-guide/en-us 
• Microsoft Office Security Feature Bypass Vulnerability. (January 29, 2026). Retrieved from Microsoft Edge. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21509 
• CISA KEV: CVE-2026-21509. (January 26, 2026). Retrieved from Microsoft Edge. https://msrc.microsoft.com/update-guide/en-us 
• CISA KEV: CVE-2026-20963. (January 25, 2026). Retrieved from Microsoft Edge. https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2026-21509 
• Microsoft Edge security advisory – January 2026 monthly rollup. (March 19, 2026). Retrieved from Canadian Centre for Cyber Security. https://www.cyber.gc.ca/en/alerts-advisories/microsoft-security-advisory-january-2026-monthly-rollup-av26-024