Microsoft remembers to patch Mac Office against new flaws

Vendor doesn't forget about its Macintosh software, like it did last month

August 15, 2007 12:00 PM ET

Computerworld -

Microsoft Corp. updated its Office 2004 for Mac software yesterday to patch two vulnerabilities that could be exploited using malformed Excel documents or malicious Web sites.

Office 2004 11.3.7 includes fixes for flaws spelled out in a pair of security bulletins that Microsoft issued Tuesday as part of its monthly release of software updates.

For example, the MS07-043 bulletin details an Object Linking and Embedding (OLE) bug that attackers could exploit by duping users into visiting malevolent Web sites. The patch for the OLE flaw also was deployed for users of Windows 2000, Windows XP and Windows Server 2003. But it only applies to the Macintosh version of Office, not the far-more-popular versions of Microsoft's desktop applications suite that run on Windows.

The OLE vulnerability was rated "critical" for Office 2004 -- the highest ranking in Microsoft's four-level threat-scoring system.

The information in MS07-044, the second security bulletin that applies to Office 2004, will be more familiar to Office users. It describes a hole in Excel's document format, which has had to be plugged for similar reasons several times over the past year -- most recently in July, when three other bugs in the spreadsheet were patched. In that case, Microsoft initially forgot to mention Office 2004 for Mac in its advisory, which had to be revised two days later.

Windows editions of Excel are also at risk from the newly discovered vulnerability, according to Microsoft, which rated the flaw "critical" for Office 2000 and "important" for Office XP, Office 2003 and Office 2004. "An attacker who successfully exploited this vulnerability could take complete control of an affected system remotely," the company said in its advisory.

Office 2004 11.3.7 is an 8.6MB patch that can be downloaded from Microsoft's Web site. Users first have to ensure that they have installed 11.3.6, the update that was released in July.

Read more about Malware and Vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.

Comments ()

Today's Top Stories

Additional Resources

WHITE PAPER

How Cloud Communications Reduce Costs and Increase Productivity

Small and midsize businesses are moving to the cloud to host their communications capabilities. Learn how enterprise-quality phone benefits, online management, conferencing, auto attendant, and ease of use are built into a system that is half the cost of a PBX.

Read now.

Free Insider Guide

IT Certification Study Tips: Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.

Malware and Vulnerabilities Resources

Security for Virtualization Learn more.
When Malware Goes Mobile: Causes, Outcomes and Cures Cybercriminals are increasingly setting their sights on smartphones and other mobile devices. Learn about platform-specific policies and strategies you can employ to protect...
Streamlining Information Workflows In order to streamline your workflows effectively, you will need to properly align your file transfer solution with your business requirements.
Streamlining Information Workflows In order to streamline your workflows effectively, you will need to properly align your file transfer solution with your business requirements.

Bridging HTTP and FTP with FileXpress Internet Server What if you could take an FTP server on your internal network, and allow external users (partners or customers) to securely access it...
MFT and FileXpress - An Overview Business users and applications exchange files on a regular basis. File transfer is a core part of the flow of business activity.

All Malware and Vulnerabilities White Papers

Webcasts

IT Jobs

See All Jobs Post a job for $295

Jobs by SimplyHired

Malware and Vulnerabilities White Papers | All Malware and Vulnerabilities White Papers