Microsoft Patches Office 2004 and 2008

It’s security update time for Microsoft Office, both the 2008 and 2004 versions. If you use Office 2008, you’ll need this 114 MB download, which fixes, among other things, “vulnerabilities in Office 2008 that an attacker can use to overwrite the contents of your computer’s memory with malicious code”, as well as an installer problem, whereby the Office installer wrote files with an incorrect user ID, meaning that many users couldn’t access the programs and support files correctly. The update also fixes general reliability and a number of bugs.

For Office 2004, a 13 MB download, fixes bugs and two security issues: one for Excel, and a critical vulnerability

“that could allow remote code execution if a user opens a malformed Office file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

Security Update for VLC Media Player

VideoLAN has released an update to its popular VLC media player that contains several security fixes, including one for an RTSP (real-time streaming protocol) weakness, similar to the one that recently affected QuickTime. VideoLAN doesn’t say whether these security fixes affect the Mac version of their software, but the Mac OS X package, like those for other platforms, has been updated to the same version number. If you use VCL to play media files, you should download this new version right away.

A Microsoft Office 2004 Security Update

Microsoft has released a security update for Office 2004, which “fixes a vulnerability that an attacker can use to overwrite the contents of your computer’s memory with malicious code.” They give no more information as to how the attacker will get access to your Mac via Office, but you should still apply this update just in case. You can get the 11.4.0 update by running Microsoft AutoUpdate, the updater that is included with Office 2004, or by visiting this web page and downloading a disk image.

Critical Update for Firefox

If you use Firefox as your web browser, it’s time to grab an update. The Mozilla Foundation has released a new version of the program containing ten fixes, three of them security patches for critical flaws. One of the flaws allowed remote users to swipe browser history, another the way the browser processes images on web pages, and the third was a remote code execution. There is also a fix for the way Firefox handles add-ons, which may have security ramifications.

Get the latest version of Firefox (2.0.0.12) here.

Acrobat Reader Security Update - Shh! It’s a Secret

When most vendors release security updates to their software, they tell users what is being fixed. Not Adobe; they’ve just released a security update for Acrobat Reader, version 8.1.2, and they say it “addresses a number of customer workflow issues and security vulnerabilities”, without giving any more information. This is a no-no in the security world, since administrators need to know what’s being fixed. In any case, if you use Acrobat Reader, get the latest update so you can be safe from . . . well, I don’t know what.

Quicken Update Causes Data Loss

Users of the popular Quicken financial software have been dismayed to see that, after applying a recent update, some of their personal files disappeared. For some reason, the updater deleted their entire Desktop folder. This can be a disaster, as the Desktop is, for many people, a repository for in-progress files.

The first thing to do is not update Quicken, if you haven’t already done so, to ensure that you don’t get stung by this bug. If you have already updated the program, and lost files, do not reboot it until you contact Quicken’s technical support. (Though if you know you’ve lost files, or if you’re reading this, you’ve probably already rebooted.) Quicken says it will try and help users recover their files, but it seem that this could be difficult. (See their tech note on this issue.)

In the meantime, we can only suggest that, before running any software updates, you make sure to back up, if not your entire Mac, at least your home folder, using Intego Personal Backup. In case of problems, you can recover your files, and not have to wait to reboot your Mac. Regular backups are the most essential link in the Mac security chain, because having backups ensures that even if you get stung, your files will be safe.