5 Comments

Summary:

Microsoft released three updates yesterday which fix bugs and address security concerns in their Office family of products and utilities. The first is for the Open XML File Format Converter, which bumps the version to 1.0.1 and fixes a remote code execution (rated by Microsoft as […]

Microsoft released three updates yesterday which fix bugs and address security concerns in their Office family of products and utilities.

The first is for the Open XML File Format Converter, which bumps the version to 1.0.1 and fixes a remote code execution (rated by Microsoft as “important”) associated with security bulleting MS08-057. The Open XML Converter allows you to convert Open XML files that were created in Office 2008 for Mac or Office 2007 for Windows so that you can open, edit, and save them in earlier versions of Office for Mac. The download is 44MB and should be installed by anyone running Office 2004 or Office v. X on OS X 10.4.9 or higher.

Next up is Office 2004 with a 13MB patch to version 11.5.2 which addresses vulnerabilities which could allow attackers to run code on your system.

Similarly, Microsoft Office 2008 for Mac kicks it up to version 12.1.3 which addresses similar vulnerabilities as the Office 2004 update in this 154MB download.

You can avoid all this work by letting Microsoft do the work for you with their auto-update.

In Good Company

Apple also posted Security Update 2008-007 on October 9th, which addressed nineteen (19) groups of vulnerabilities across a wide spectrum of OS X 10.4 and OS X 10.5 built-in software. Of particular interest are:

  • fixes to QuickLook crashes for users of Microsoft Excel
  • a patch to a local privilege escalation issue with the network stack
  • a fairly gnarly problem with launchd (specific to OS X 10.5.5) that can result in improper sandoxing of some scheduled applications
  • correction to a buffer overflow situation with ColorSync that can be taken advantage of with maliciously crafted images (those evil images again)

Apple also updated trusted root certificates (which are an important component of ensuring secure network communications).

You can check out the other vulnerabilities that were corrected and grab them via Software Update or Apple Downloads (between 31MB & 200MB depending on your system).

Firmware Updates Join The Frey

Apple also posted MacBook/MacBook Pro Software Update 1.2 which — true to form — nebulously “improves compatibility with external displays and includes a variety of software fixes” (would anyone let Microsoft get away with this?). The 45MB update is available now.

The updates caused no issues for me, but I’d be interested to hear if anyone else experienced any problems or post-install issues.

  1. When I tried to apply Office update 12.1.3, to my installed 12.1.2 version of Office 2008, I got the following message:

    “You cannot install Office 2008 12.1.3 Update on this volume. A version of the software required to install this update was not found on this volume.” What’s going on?

    Share
  2. I noticed today that the owner of the /Applications directory had changed from root:admin to my own non-admin account. I looked through the versions of this directory on the Time Machine volume and found that the time of the change is the same as the time of the receipt for the packages installed by the Open XML converter. I don’t see anything obvious in the preflight or postflight scripts, but I’m almost certain that it’s responsible. Not cool.

    Share
  3. I am getting the same problem of Office update not wanting to update because the required version is not present. If anyone has an answer to this problem please let us know :(

    Share
  4. Steve FREEDMAN Tuesday, October 28, 2008

    Once I completely uninstalled and reinstalled Office:Mac 2008, the update patch worked fine.

    Share
  5. Hi guys,

    I am having the same issue since last month. Am getting the error, “You cannot install Office 2008 12.1.3 Update on this volume. A version of the software required to install this update was not found on this volume.”

    Is there anyway to fix this without having to resinstall?

    Share

Comments have been disabled for this post