The Mac Security Blog
Microsoft has released updates to Office 2008 and 2011, which include bug fixes and patches for security issues. The Office 2008 update include a fix for two PowerPoint vulnerabilities:
The vulnerabilities could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited either of the vulnerabilities could take complete control of an affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
And the Office 2011 update fixes a similar vulnerability in Word.
Office users can update their software using Microsoft’s AutoUpdate application, or can download the updaters: Office 2008 update, 285 MB or Office 2011 update, 113 MB.
Microsoft has issued a security bulletin describing important vulnerabilities in Microsoft Excel, including Excel 2004, 2008 and 2011 for Mac, as well as for the Open XML File Format Converter for Mac.
This security update resolves eight privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the logged-on user.
The updates are as follows, and are available from the following links:
- Microsoft Office 2004 for Mac 11.6.4 Update, 13 MB
- Microsoft Office 2008 for Mac 12.3.0 Update, 333.1 MB
- Microsoft Office for Mac 2011 14.1.2 Update, 109 MB
- Open XML File Format Converter for Mac 1.2.0, 45 MB
All users of Microsoft Office should apply these updates.
Microsoft today released Office for Mac 2011 SP1, the first major update to the company’s productivity suite. This 246 MB download addresses a number of issues in the various programs used by Microsoft Office 2001, and also includes several security fixes. One vulnerability affects Microsoft Excel, and another affects PowerPoint. Both are rated “Important” by Microsoft.
Microsoft has also updated Office 2008 and Office 2004; while they mention no security fixes for these updates, the two pages that specify the vulnerabilities mention Office 2008 and 2004 as being vulnerable, so it is likely that security updates are included in these updaters as well.
Users can update Microsoft Office using the suite’s Auto-Update tool, or by downloading the updaters from the pages linked above.
2010 was another busy year for Mac security and malware, with new threats targeting Macs, iOS issues, problems with Flash and Acrobat, and a large number of Mac OS X vulnerabilities. We’ve prepared a PDF document with our annual report of all things related to Mac security. Download a copy to get an overview of what’s happened in the world of Mac security over the past 12 months.
Microsoft has released an update for Office 2008, featuring a number of bug fixes, as well as “fixes for vulnerabilities that an attacker can use to overwrite the contents of your computer’s memory with malicious code.” This 333 MB update can be installed using Microsoft’s AutoUpdate, or it can be downloaded here.
Details of the update suggest that this is a combo updater. In the past, Microsoft Office updates had to be applied individually, causing some consternation when users missed an update or two, and had to find the older ones.
This update features the security fixes that were included in last month’s Office 2011 update, but there is still no update for Office 2004 yet, which, it seems, suffers from the same vulnerabilities.
Microsoft has released its first update to Office 2011, which, in addition to bug fixes, patches a security vulnerability that could allow remote code execution if a user opens or previews a specially crafted RTF e-mail message.
Users can download the 110.5 MB update here, or via the Microsoft AutoUpdate tool. More information about the update is here.
Computerworld points out that the same flaw exists in Microsoft Office 2004 and 2008, and that Microsoft is not offering patches for these versions.