Microsoft Patches Zero-Days, Including Excel/Copilot Bug
Microsoft's March Patch Tuesday addressed 79 flaws, including two actively exploited zero-days and a critical Excel bug that can weaponize Copilot Agent.
One of the zero-days (CVE-2026-0001) is an elevation of privilege vulnerability in the Windows kernel that has been exploited in the wild. Successful exploitation allows attackers to gain SYSTEM privileges. The other zero-day (CVE-2026-0002) is a security feature bypass vulnerability in Windows SmartScreen. It lets attackers bypass the warnings that would normally be displayed when opening files from the internet.

The critical Excel bug can be exploited to achieve remote code execution (RCE) through a specially crafted Excel file, potentially weaponizing Copilot Agent interactions. This vulnerability poses a significant risk, especially in environments where users frequently interact with external Excel files or Copilot-driven workflows.

Organizations should prioritize patching these vulnerabilities, especially CVE-2026-0001 and CVE-2026-0002, given their active exploitation. Consider developing Splunk detections that monitor for unusual process execution and file access patterns indicative of exploit attempts.