Microsoft Releases Office 2011 14.4.9 Update, Patches Critical Vulnerabilities

Microsoft has released Office 2011 14.4.9 Update for Mac OS X version 10.5.8 or later, patching critical vulnerabilities in its software. These security updates resolve a total of 5 vulnerabilities in Microsoft Office that could allow remote code execution.

The Office for Mac security update applies to the following Microsoft software: Office for Mac 2011, Microsoft Word for Mac 2011, Outlook for Mac for Office 365, Word Automation Services on Microsoft SharePoint Server 2013, and Microsoft Office Web Apps Server 2013.

Microsoft’s security bulletin noted the following on the now closed vulnerabilities:

The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

The following security bugs are resolved with the Office 2011 14.4.9 update:

Microsoft’s security team addressed the critical flaws by correcting how Microsoft Office parses specially crafted files, by correcting how Office handles files in memory, and by helping to ensure that SharePoint Server properly sanitizes user input.

We strongly encourage all users running Microsoft Office 2011 for Mac install these updates as soon as possible. Mac users can update your software by using Microsoft's AutoUpdate application, or you can visit Microsoft Download Center to get the Office 2011 14.4.9 Update (113.6 MB).