14 DAY TRIAL // This week, Microsoft patched a number of flaws in its Office for Mac software, strengthening the security of the productivity suite. One vulnerability in particular could allow remote code execution on Macintosh computers.
The security update released for both Office for Mac editions “resolves one publicly disclosed and five privately reported vulnerabilities,” Microsoft said in an advisory.
“The vulnerabilities could allow remote code execution if a user opens a specially crafted Office file,” reads the tech note. “An attacker who successfully exploited these vulnerabilities could gain the same user rights as the logged-on user.”
Some users could be less impacted, such as those whose accounts are configured to have fewer user rights on the system. People who operate with administrative user rights are more prone to an attack.
Rated Important by Microsoft, this update targets all supported editions of Microsoft Excel 2003, Microsoft Excel 2007, Microsoft Office 2007, Microsoft Excel 2010, Microsoft Office 2010, Microsoft Office 2008 for Mac, and Microsoft Office for Mac 2011.
Supported versions of Microsoft Excel Viewer and Microsoft Office Compatibility Pack are also targeted.
Microsoft explains how the patch works, noting that “The security update addresses the vulnerabilities by correcting the way that Microsoft Excel validates data when opening specially crafted Excel files.”
Customers looking for more information about the vulnerabilities are encouraged to see the Frequently Asked Questions (FAQ) subsection.
“For administrators and enterprise installations, or end users who want to install this security update manually, Microsoft recommends that customers apply the update at the earliest opportunity using update management software, or by checking for updates using the Microsoft Update service,” the advisory adds.