Security News

Microsoft Releases Office for Mac 2011 14.4.1 Update

Posted on April 11th, 2014 by

This week, Microsoft released an update for Office for Mac 2011, resolving vulnerabilities in Microsoft Office that could allow remote code execution if a specifically crafted file is opened in an affected version of Microsoft Office. The 113.5 MB update is available for Mac OS X version 10.5.8 or later versions on an Intel processor.

This update applies to the following Microsoft software: Office 2011, Office 2011 Home and Business Edition, Word 2011, Excel 2011, PowerPoint 2011, Outlook 2011, Office for Mac Standard 2011 Edition, Microsoft Office for Mac Home & Student 2011, and Microsoft Office for Mac Academic 2011.

Office for Mac 2011 14.4.1 update notice

Microsoft’s security bulletin (MS14-017) describes the security fixes as follows:

This security update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in Microsoft Office. The most severe of these vulnerabilities could allow remote code execution if a specially crafted file is opened or previewed in an affected version of Microsoft Office software. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. […] The security update addresses the vulnerabilities by correcting the way that Microsoft Office software parses specially crafted files.

Office for Mac 2011 14.4.1 update addresses the following vulnerabilities:

  • CVE-2014-1757 : A remote code execution vulnerability exists in the way that affected Microsoft Office software converts specially crafted files. An attacker who successfully exploited this vulnerability could run arbitrary code as the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
  • CVE-2014-1758 : A remote code execution vulnerability exists in the way that Microsoft Word parses specially crafted files. An attacker who successfully exploited this vulnerability could run arbitrary code as the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
  • CVE-2014-1761 : A remote code execution vulnerability exists in the way that Microsoft Word parses specially crafted files. An attacker who successfully exploited this vulnerability could run arbitrary code as the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Mac OS X user accounts must have administrator privileges to install this security update. Office for Mac users can update their software using Microsoft’s AutoUpdate application, or you can visit Microsoft’s Download Center to get the 113.5 MB Office 2011 14.4.1 update for Mac.