Microsoft has brought out patches for critical security vulnerabilities in multiple versions of its Office productivity software suite that allows attackers to run malicious code through specially crafted Office files. The security flaws affect Office running on Windows and Mac operating systems. Here are the details.
Below are the versions of the productivity software suite that are affected by the bugs. This list doesn't include versions that Microsoft no longer support. Depending on which edition you are running, the severity of the vulnerabilities will vary:
- Microsoft Office 2007
- Microsoft Office 2010
- Microsoft Office 2013
- Microsoft Office 2013 RT
- Microsoft Office 2016
- Microsoft Office for Mac 2011
- Microsoft Office for Mac 2016
- Individual software: Microsoft Excel Viewer and Microsoft Word Viewer
You can find out how the security flaws affect the edition of Office you're running over at Microsoft's latest Security Bulletin page.
According to Microsoft, the security update addresses the vulnerabilities by:
- Correcting how Microsoft Office handles objects in memory
- Ensuring that Microsoft SharePoint correctly enforces ACP configuration settings
- Help ensure that Microsoft Office properly implements the ASLR security feature
For people running Windows machines, the update is pushed out through Windows Update. As for Mac users, unfortunately, the patch isn't ready for Mac OS computers yet. The updates will be released as soon as they're ready and Microsoft will be issuing another bulletin on that. You can drill into the details of this patch at the Microsoft Security Bulletin page.