Bottom line: A disabled authentication protection measure in Microsoft Office apps for Android opens attackers access to Microsoft 365 accounts and data.
A disabled security setting in the Android versions of Word, PowerPoint and Excel enables attackers to steal access credentials and enterprise data. The vulnerability affects authentication security for core Microsoft 365 applications.
In the Android versions of Word, PowerPoint and Excel, a security setting was disabled that was intended to protect authentication mechanisms. Through this configuration, attackers were able to manipulate authentication processes and thereby intercept access credentials to Microsoft 365 accounts.
For CISOs, this represents a significant risk to mobile workplace security: when employees use Office applications on Android devices, their user accounts and the enterprise data stored or processed on them are exposed without this protection measure. This reinforces the requirement for endpoint management and mobile device control as part of NIS2 compliance.
The vulnerability requires immediate review of the affected Android apps in the enterprise environment, an inventory of associated risks, and communication with user groups about secure usage parameters until the release and deployment of security patches by Microsoft.
Source: www.darkreading.com · Published June 3, 2026
Lumi AI News — AI-assisted curation according to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.2.9.