Microsoft Posts Patches on the Heels of Apple’s Security & Firmware Updates

Microsoft released three updates yesterday which fix bugs and address security concerns in their Office family of products and utilities.

The first is for the Open XML File Format Converter, which bumps the version to 1.0.1 and fixes a remote code execution (rated by Microsoft as “important”) associated with security bulleting MS08-057. The Open XML Converter allows you to convert Open XML files that were created in Office 2008 for Mac or Office 2007 for Windows so that you can open, edit, and save them in earlier versions of Office for Mac. The download is 44MB and should be installed by anyone running Office 2004 or Office v. X on OS X 10.4.9 or higher.

Next up is Office 2004 with a 13MB patch to version 11.5.2 which addresses vulnerabilities which could allow attackers to run code on your system.

Similarly, Microsoft Office 2008 for Mac kicks it up to version 12.1.3 which addresses similar vulnerabilities as the Office 2004 update in this 154MB download.

You can avoid all this work by letting Microsoft do the work for you with their auto-update.

In Good Company

Apple also posted Security Update 2008-007 on October 9th, which addressed nineteen (19) groups of vulnerabilities across a wide spectrum of OS X 10.4 and OS X 10.5 built-in software. Of particular interest are:

  • fixes to QuickLook crashes for users of Microsoft Excel
  • a patch to a local privilege escalation issue with the network stack
  • a fairly gnarly problem with launchd (specific to OS X 10.5.5) that can result in improper sandoxing of some scheduled applications
  • correction to a buffer overflow situation with ColorSync that can be taken advantage of with maliciously crafted images (those evil images again)

Apple also updated trusted root certificates (which are an important component of ensuring secure network communications).

You can check out the other vulnerabilities that were corrected and grab them via Software Update or Apple Downloads (between 31MB & 200MB depending on your system).

Firmware Updates Join The Frey

Apple also posted MacBook/MacBook Pro Software Update 1.2 which — true to form — nebulously “improves compatibility with external displays and includes a variety of software fixes” (would anyone let Microsoft get away with this?). The 45MB update is available now.

The updates caused no issues for me, but I’d be interested to hear if anyone else experienced any problems or post-install issues.