Despite having pushed out two other software updates to Office for Mac in recent weeks, Microsoft has issued a critical fix for a vulnerability affecting a number of its products which could allow remote code execution just by opening a rogue Office file.
Microsoft issued a security bulletin MS12-030 on Tuesday which affects a wide range of their Office products, including the 2008 and 2011 Mac editions. Thankfully, a fix is already available for both versions which patches the vulnerability.
“This security update resolves one publicly disclosed and five privately reported vulnerabilities in Microsoft Office,” the security bulletin notes. “The vulnerabilities could allow remote code execution if a user opens a specially crafted Office file. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”
The issue has been tagged by Microsoft as an “Important” security rating, and is now offering software updates through its AutoUpdate or via direct download for both Microsoft Office 2011 for Mac (version 14.2.2, 110MB) and Microsoft Office 2008 for Mac (version 12.3.3, 218MB).
Follow this article’s author, J.R. Bookwalter on Twitter
