Skip the navigation

Microsoft remembers to patch Mac Office against new flaws

Vendor doesn't forget about its Macintosh software, like it did last month

August 15, 2007 12:00 PM ET

Computerworld -

Microsoft Corp. updated its Office 2004 for Mac software yesterday to patch two vulnerabilities that could be exploited using malformed Excel documents or malicious Web sites.

Office 2004 11.3.7 includes fixes for flaws spelled out in a pair of security bulletins that Microsoft issued Tuesday as part of its monthly release of software updates.

For example, the MS07-043 bulletin details an Object Linking and Embedding (OLE) bug that attackers could exploit by duping users into visiting malevolent Web sites. The patch for the OLE flaw also was deployed for users of Windows 2000, Windows XP and Windows Server 2003. But it only applies to the Macintosh version of Office, not the far-more-popular versions of Microsoft's desktop applications suite that run on Windows.

The OLE vulnerability was rated "critical" for Office 2004 -- the highest ranking in Microsoft's four-level threat-scoring system.

The information in MS07-044, the second security bulletin that applies to Office 2004, will be more familiar to Office users. It describes a hole in Excel's document format, which has had to be plugged for similar reasons several times over the past year -- most recently in July, when three other bugs in the spreadsheet were patched. In that case, Microsoft initially forgot to mention Office 2004 for Mac in its advisory, which had to be revised two days later.

Windows editions of Excel are also at risk from the newly discovered vulnerability, according to Microsoft, which rated the flaw "critical" for Office 2000 and "important" for Office XP, Office 2003 and Office 2004. "An attacker who successfully exploited this vulnerability could take complete control of an affected system remotely," the company said in its advisory.

Office 2004 11.3.7 is an 8.6MB patch that can be downloaded from Microsoft's Web site. Users first have to ensure that they have installed 11.3.6, the update that was released in July.

Read more about Malware and Vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.



Our Commenting Policies