Important vulnerability fix rolled out in Microsoft Office for Mac updateMicrosoft on Tuesday rolled out updates for both the 2008 and 2011 versions of its Office for Mac software suite, most importantly bringing a fix for vulnerabilities that allowed an attacker to overwrite a computer's memory with malicious code.
Microsoft Office 2011 14.2.2 and Office 2008 12.3.3 include patches for a vulnerability that could allow remote code execution on an affected Mac.
From the Executive Summary:
This security update resolves one publicly disclosed and five privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Office file. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Affected programs include:
- Microsoft Excel 2003
- Microsoft Excel 2007
- Microsoft Office 2007
- Microsoft Excel 2010
- Microsoft Office 2010
- Microsoft Office 2008 for Mac
- Microsoft Office for Mac 2011
- Microsoft Excel Viewer
- Microsoft Office Compatibility Pack
The severity of the threat is rated as "Important," and users are recommended to update their software as soon as possible.
Microsoft Office 2011 for Mac version 14.2.2 update weighs in at 110MB, while Office 2008 for Mac version 12.3.3 comes in at 218MB. Both downloads can be found here or through Microsoft Updater.