The Indian Computer Emergency Response Team (CERT-In) has reported critical security vulnerabilities in Microsoft 365 Copilot, specifically CVE-2026-42827 and CVE-2026-41090. These vulnerabilities pose significant risks, including the potential for attackers to execute arbitrary code, steal sensitive information, and disrupt cloud services. CERT-In highlighted issues related to input validation, authentication, and command handling flaws. In addition to Microsoft 365 Copilot, other Microsoft products such as Microsoft Global Secure Access and Azure Stack ACI are also affected by security vulnerabilities. Microsoft has acknowledged these issues and has rolled out updates to address them. Users are strongly advised to update their applications to the latest version to safeguard their data and ensure security. The update process involves accessing any Microsoft 365 application, navigating to the Account section, and selecting 'Update Now.' Failure to update could leave users vulnerable to cyber threats.