Important vulnerability fix rolled out in Microsoft Office for Mac update

Posted in Mac Software, edited January 2014
Microsoft on Tuesday rolled out updates for both the 2008 and 2011 versions of its Office for Mac software suite, most importantly bringing a fix for vulnerabilities that allowed an attacker to overwrite a computer's memory with malicious code.

Microsoft Office 2011 14.2.2 and Office 2008 12.3.3 include patches for a vulnerability that could allow remote code execution on an affected Mac.

From the Executive Summary:
This security update resolves one publicly disclosed and five privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Office file. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Affected programs include:
  • Microsoft Excel 2003
  • Microsoft Excel 2007
  • Microsoft Office 2007
  • Microsoft Excel 2010
  • Microsoft Office 2010
  • Microsoft Office 2008 for Mac
  • Microsoft Office for Mac 2011
  • Microsoft Excel Viewer
  • Microsoft Office Compatibility Pack

The severity of the threat is rated as "Important," and users are advised to update their software as soon as possible.

The Microsoft Office 2011 for Mac version 14.2.2 update weighs in at 110MB, while the Office 2008 for Mac version 12.3.3 update comes in at 218MB. Both downloads can be found here or through Microsoft Updater.

Comments

  • Reply 1 of 7
    mr. me Posts: 3,221 member

    Someone made a boo-boo. Excel 2003 and Office 2007 are Windows software, not Mac software. The post recovers somewhat by reporting the updates for Office 2008 and Office 2011. One has to wonder about Excel 2004 users. Excel 2004 is not specifically mentioned as suffering from the Excel 2003 vulnerability, but one has to assume that it does.

  • Reply 2 of 7
    enzos Posts: 344 member

    So now we've had trojans delivered in Flash, Java and MS Office. What do they have in common? That regretfully they are sometimes still needed.

    Update just installed; everything still works, so far (10.7.3 / MSOffice 2011).

  • Reply 3 of 7

    Quote:
        Originally Posted by Mr. Me
        Someone made a boo-boo. Excel 2003 and Office 2007 are Windows software, not Mac software. The post recovers somewhat by reporting the updates for Office 2008 and Office 2011. One has to wonder about Excel 2004 users. Excel 2004 is not specifically mentioned as suffering from the Excel 2003 vulnerability, but one has to assume that it does.

    No boo-boo. The Windows versions needed updating too on the PCs, just like the Mac versions on the Macs.

    Question: How can you tell if a software package may be harmful to your computer?

    Answer: Check the software box for a Microsoft logo.

  • Reply 4 of 7
    doctorgonzo Posts: 529 member

    I'm pretty sure that Outlook 2011 overwrites my memory with malicious code every day.

    *rimshot*

  • Reply 5 of 7
    rob_06 Posts: 75 member

    Quote:
        Originally Posted by DoctorGonzo
        I'm pretty sure that Outlook 2011 overwrites my memory with malicious code every day.

        *rimshot*

    lol

  • Reply 6 of 7
    lfmorrison Posts: 698 member

    Quote:
        Originally Posted by Mr. Me
        Someone made a boo-boo. Excel 2003 and Office 2007 are Windows software, not Mac software. The post recovers somewhat by reporting the updates for Office 2008 and Office 2011. One has to wonder about Excel 2004 users. Excel 2004 is not specifically mentioned as suffering from the Excel 2003 vulnerability, but one has to assume that it does.

    The vulnerability almost certainly does exist in Office 2004 as well. Unfortunately, although the Windows versions of Office qualify for Microsoft's "Extended" support lifecycle policy - with security fixes lasting for a minimum of 10 years after general availability - the Mac versions only qualify for the "Mainstream" support lifecycle - with security fixes lasting for only a minimum of 5 years.

    Office 2004's "mainstream" support phase was extended from 5 years to almost 8 years - to provide customers who relied upon VBA with a temporary solution during the period after the release of Office 2008 but before the release of Office 2011.

    As soon as bugfix support expires for any Microsoft product, Microsoft ceases publishing advisories which could even be used to inform people of the existence of potential defects in that software. This is standard practice for most software vendors, including Apple.

  • Reply 7 of 7
    lilgto64 Posts: 1,147 member

    Oh my glob - the sky is falling - Macs are just as vulnerable to attack as Windows - anyone with Apple stock SELL SELL SELL before the stock goes to zero and Apple is forced to sell the company to Sony....

    What's that? There is not a single case of the exploit affecting a real user in the real world?

    Uh, never mind.