Tuesday, May 08, 2012, 10:04 pm

Important vulnerability fix rolled out in Microsoft Office for Mac update

Microsoft on Tuesday rolled out updates for both the 2008 and 2011 versions of its Office for Mac software suite, most importantly bringing a fix for vulnerabilities that allowed an attacker to overwrite a computer's memory with malicious code.

Microsoft Office 2011 14.2.2 and Office 2008 12.3.3 include patches for a vulnerability that could allow remote code execution on an affected Mac.

From the Executive Summary:

This security update resolves one publicly disclosed and five privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Office file. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Affected programs include:

Microsoft Excel 2003

Microsoft Excel 2007

Microsoft Office 2007

Microsoft Excel 2010

Microsoft Office 2010

Microsoft Office 2008 for Mac

Microsoft Office for Mac 2011

Microsoft Excel Viewer

Microsoft Office Compatibility Pack

The severity of the threat is rated as "Important," and users are recommended to update their software as soon as possible.

Microsoft Office 2011 for Mac version 14.2.2 update weighs in at 110MB, while Office 2008 for Mac version 12.3.3 comes in at 218MB. Both downloads can be found here or through Microsoft Updater.

Tags:

Jump to comments (7)

On Topic: Software

Previous Comments View All

mr. me

2012/05/08 11:44pm

Someone made a boo-boo. Excel 2003 and Office 2007 are Windows software, not Mac software. The post recovers somewhat by reporting that updates for Office 2008 and Office 2011. One has to wonder about Excel 2004 users. Excel 2004 is not specifically mentioned as suffering from the Excel 2003 vulnerability, but one has to assume that it does.

enzos

2012/05/08 11:44pm

So now we've had trojans delivered in Flash, Java and MS Office. What do they have in common? That regretfully they are sometimes still needed.�

Update just installed; everything still works, so far (10.7.3 / MSOffice 2011).�

macky the macky

2012/05/09 12:43am

Quote:

Originally Posted by Mr. Me� View Post

�

No boo-boo, The windows versions needed updating too on the PCs, just like the Mac versions on the Macs.

�

Question: How can you tell if a software package may be harmful to your computer?

�

Answer: Check the software box for a Microsoft logo.

doctorgonzo

2012/05/09 01:28am

I'm pretty sure that Outlook 2011 overwrites my memory with malicious code every day.�

�

*rimshot*

rob_06

2012/05/09 04:06am

Quote:

Originally Posted by DoctorGonzo� View Post

I'm pretty sure that Outlook 2011 overwrites my memory with malicious code every day.�

�

*rimshot*

�

lol

lfmorrison

2012/05/09 07:41am

Quote:

Originally Posted by Mr. Me� View Post

The vulnerability almost certainly does exist in Office 2004 as well. �Unfortunately, although the Windows versions of Office qualify for Microsoft's "Extended" support lifecycle policy - with security fixes lasting for a minimum of 10 years after general availability - the Mac versions only qualify for the "Mainstream" support lifecycle - with security fixes lasting for only a minimum of 5 years.

�

Office 2004's "mainstream" support phase was extended from 5 years to almost 8 years - to provide customers who relied upon VBA with a temporary solution during the period after the release of Office 2008 but before the release of Office 2011.

�

As soon as bugfix support expires for any Microsoft product, Microsoft ceases publishing advisories which could even be used to inform people of the existence of potential defects in that software. �This is standard practice for most software vendors, including Apple.

lilgto64

2012/05/09 11:28am

Oh my glob - the sky is falling - Mac's are just as vulnerable to attack as Windows - anyone with Apple stock SELL SELL SELL before the stock goes to zero and Apple is forced to sell the company to Sony....

�

What's that? there is not a single case of the exploit affecting a real user in the real world?�

�

Uh, never mind.�

View all comments

Lowest Prices Anywhere!

Model	Price	You Save
11"1.3GHz/4GB/128GB	$964.18*	$34.82
11" 1.3GHz/8GB/128GB	$1,061.18*	$37.82
11" 1.3GHz/8GB/256GB	$1,255.18*	$43.82
11"1.7GHz/8GB/128GB	$1,206.68*	$42.32
11"1.7GHz/8GB/256GB	$1,400.68*	$48.32
11" 1.7GHz/8GB/512GB	$1,691.68*	$57.32
13" 1.3GHz/4GB/128GB	$1,061.18*	$37.82
13" 1.3GHz/4GB/256GB	$1,255.18*	$43.82
13" 1.3GHz/8GB/256GB	$1,352.18*	$46.82
13" 1.3GHz/8GB/512GB	$1,643.18*	$46.82
13" 1.7GHz/8GB/256GB	$1,497.00*	$52.00
13" 1.7GHz/8GB/512GB	$1,788.68*	$60.32
* price with Promo Code: APPLEINSIDER01
Click for even more configurations

Model		White	Black
iPad mini (WiFi only)
16GB WiFi		$329.00	$329.00
32GB WiFi		$429.00	$429.00
64GB WiFi		$529.00	$529.00
iPad mini (WiFi + 4G)

16GB 4G White	$459.00	$459.00	$459.00
32GB 4G White	$559.00	$539.99	$559.00
64GB 4G White	$659.00	$659.00	$629.99
16GB 4G Black	$459.00	$459.00	$459.00
32GB 4G Black	$559.00	$539.99	$539.99
64GB 4G Black	$659.00	$659.00	$629.99