Microsoft remembers to patch Mac Office against new flaws
Vendor doesn't forget about its Macintosh software, like it did last month
Microsoft Corp. updated its Office 2004 for Mac software yesterday to patch two vulnerabilities that could be exploited using malformed Excel documents or malicious Web sites.
For example, the MS07-043 bulletin details an Object Linking and Embedding (OLE) bug that attackers could exploit by duping users into visiting malevolent Web sites. The patch for the OLE flaw also was deployed for users of Windows 2000, Windows XP and Windows Server 2003. But it only applies to the Macintosh version of Office, not the far-more-popular versions of Microsoft's desktop applications suite that run on Windows.
The OLE vulnerability was rated "critical" for Office 2004 -- the highest ranking in Microsoft's four-level threat-scoring system.
The information in MS07-044, the second security bulletin that applies to Office 2004, will be more familiar to Office users. It describes a hole in Excel's document format, which has had to be plugged for similar reasons several times over the past year -- most recently in July, when three other bugs in the spreadsheet were patched. In that case, Microsoft initially forgot to mention Office 2004 for Mac in its advisory, which had to be revised two days later.
Windows editions of Excel are also at risk from the newly discovered vulnerability, according to Microsoft, which rated the flaw "critical" for Office 2000 and "important" for Office XP, Office 2003 and Office 2004. "An attacker who successfully exploited this vulnerability could take complete control of an affected system remotely," the company said in its advisory.
Office 2004 11.3.7 is an 8.6MB patch that can be downloaded from Microsoft's Web site. Users first have to ensure that they have installed 11.3.6, the update that was released in July.
Read more about Malware and Vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.
- 2013 Cyber Risk Report The "Cyber risk report 2013 Executive summary" presents the major findings of HP Security Research's comprehensive dive into today's cyber vulnerability and threat...
- Why You Need a Next-Generation Firewall This white paper explores the reasons for implementing next-generation (NG) firewalls and lays out a path to success for overburdened IT organizations.
- Why Projects Fail CIOs are expected to deliver more projects that transform business, and do so on time, on budget and with limited resources.
- The New Business Case for Video Conferencing: 7 Real-World Benefits Beyond Cost-Savings This whitepaper provides insight into the value of video conferencing in today's business environment, and how organizations are using visual collaboration to find...
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Malware and Vulnerabilities White Papers | Webcasts