On Tuesday, Microsoft issued a new security patch
for all versions of its Microsoft Office for Mac 2011 edition, including academic, Standard and Home & Business editions and all the main applications contained therein. The update "fixes critical issues and also helps to improve security. It includes fixes for vulnerabilities that an attacker can use to overwrite the contents of your computer's memory with malicious code." The fix is intended for Intel Macs running OS X 10.5.8 or later.
Users who have paid to subscribe to the "Office 365" version of Office 2011 will see the updates applied automatically. To install the v14.3.8 update, users must already have upgraded to Microsoft Office for Mac 2011 Service Pack 1, otherwise known as version 14.1. The update resolves two privately-reported vulnerabilities
that allow remote code execution if users open specially-crafted Office files, and could give the attack the same user rights as the current user. On the Mac, most users run as Admin users, making the risk greater.
The vulnerabilities also appear on Microsoft Office 2007, 2010, 2013 and 2013 RT for Windows, as well as affect Microsoft Excel Viewer and Microsoft Office Compatibility Pack. The update is rated by the company as "Important," and fixes the bugs "by correcting how Microsoft Excel and other affected Microsoft software validates data when parsing specially crafted Office files," according to the company. Updates will appear in Microsoft Update on machines that meet the hardware and software requirements for Microsoft Office 2011 v14.1 or later.