Microsoft remembers to patch Mac Office against new flaws
Vendor doesn't forget about its Macintosh software, like it did last month
Microsoft Corp. updated its Office 2004 for Mac software yesterday to patch two vulnerabilities that could be exploited using malformed Excel documents or malicious Web sites.
For example, the MS07-043 bulletin details an Object Linking and Embedding (OLE) bug that attackers could exploit by duping users into visiting malevolent Web sites. The patch for the OLE flaw also was deployed for users of Windows 2000, Windows XP and Windows Server 2003. But it only applies to the Macintosh version of Office, not the far-more-popular versions of Microsoft's desktop applications suite that run on Windows.
The OLE vulnerability was rated "critical" for Office 2004 -- the highest ranking in Microsoft's four-level threat-scoring system.
The information in MS07-044, the second security bulletin that applies to Office 2004, will be more familiar to Office users. It describes a hole in Excel's document format, which has had to be plugged for similar reasons several times over the past year -- most recently in July, when three other bugs in the spreadsheet were patched. In that case, Microsoft initially forgot to mention Office 2004 for Mac in its advisory, which had to be revised two days later.
Windows editions of Excel are also at risk from the newly discovered vulnerability, according to Microsoft, which rated the flaw "critical" for Office 2000 and "important" for Office XP, Office 2003 and Office 2004. "An attacker who successfully exploited this vulnerability could take complete control of an affected system remotely," the company said in its advisory.
Office 2004 11.3.7 is an 8.6MB patch that can be downloaded from Microsoft's Web site. Users first have to ensure that they have installed 11.3.6, the update that was released in July.
Read more about Malware and Vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- Big Data, Big Mess: Sound Risk Intelligence Through Complete Context This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope... All Malware and Vulnerabilities White Papers | Webcasts