Microsoft released three updates yesterday which fix bugs and address security concerns in their Office family of products and utilities.
The first is for the Open XML File Format Converter, which bumps the version to 1.0.1 and fixes a remote code execution (rated by Microsoft as “important”) associated with security bulleting MS08-057. The Open XML Converter allows you to convert Open XML files that were created in Office 2008 for Mac or Office 2007 for Windows so that you can open, edit, and save them in earlier versions of Office for Mac. The download is 44MB and should be installed by anyone running Office 2004 or Office v. X on OS X 10.4.9 or higher.
You can avoid all this work by letting Microsoft do the work for you with their auto-update.
In Good Company
Apple also posted Security Update 2008-007 on October 9th, which addressed nineteen (19) groups of vulnerabilities across a wide spectrum of OS X 10.4 and OS X 10.5 built-in software. Of particular interest are:
- fixes to QuickLook crashes for users of Microsoft Excel
- a patch to a local privilege escalation issue with the network stack
- a fairly gnarly problem with launchd (specific to OS X 10.5.5) that can result in improper sandoxing of some scheduled applications
- correction to a buffer overflow situation with ColorSync that can be taken advantage of with maliciously crafted images (those evil images again)
Apple also updated trusted root certificates (which are an important component of ensuring secure network communications).
Firmware Updates Join The Frey
Apple also posted MacBook/MacBook Pro Software Update 1.2 which — true to form — nebulously “improves compatibility with external displays and includes a variety of software fixes” (would anyone let Microsoft get away with this?). The 45MB update is available now.
The updates caused no issues for me, but I’d be interested to hear if anyone else experienced any problems or post-install issues.