This week, Microsoft released an update for Office for Mac 2011, resolving vulnerabilities in Microsoft Office that could allow remote code execution if a specifically crafted file is opened in an affected version of Microsoft Office. The 113.5 MB update is available for Mac OS X version 10.5.8 or later versions on an Intel processor.
This update applies to the following Microsoft software: Office 2011, Office 2011 Home and Business Edition, Word 2011, Excel 2011, PowerPoint 2011, Outlook 2011, Office for Mac Standard 2011 Edition, Microsoft Office for Mac Home & Student 2011, and Microsoft Office for Mac Academic 2011.
Microsoft’s security bulletin (MS14-017) describes the security fixes as follows:
This security update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in Microsoft Office. The most severe of these vulnerabilities could allow remote code execution if a specially crafted file is opened or previewed in an affected version of Microsoft Office software. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. […] The security update addresses the vulnerabilities by correcting the way that Microsoft Office software parses specially crafted files.
Office for Mac 2011 14.4.1 update addresses the following vulnerabilities:
Mac OS X user accounts must have administrator privileges to install this security update. Office for Mac users can update their software using Microsoft’s AutoUpdate application, or you can visit Microsoft’s Download Center to get the 113.5 MB Office 2011 14.4.1 update for Mac.
