Microsoft rolled out a fix last night for both 2008 and 2011 versions of Office for Macintosh. One of these fixes is critical, as it fixes a loophole which would allow an attacker to ‘overwrite a computer's memory with malicious code.'
Microsoft Office 2011 14.2.2 and Office 2008 12.3.3 include patches for a serious vulnerability which would allow remote code execution on an infected machine.
They say “This security update resolves one publicly disclosed and five privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Office file. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”
The programs which are affected, are:
- Microsoft Excel 2003
- Microsoft Excel 2007
- Microsoft Office 2007
- Microsoft Excel 2010
- Microsoft Office 2010
- Microsoft Office 2008 for Mac
- Microsoft Office for Mac 2011
- Microsoft Excel Viewer
- Microsoft Office Compatibility Pack
The threat is classed as ‘important' and it is recommended that software is updated as soon as possible. You can get the download files here.
Kitguru says: Well worth updating if you are using this software on the Macintosh.