New Security Holes In IE, Outlook Express, & Office - This Time For The Mac

Microsoft has released a security patch for Internet Explorer for Mac, and Office for Mac. The patch fixes a buffer overflow problem in IE that could allow a malicious "attacker to take over your computer." The Office for Mac issue could also allow an attacker to take over your Mac under certain circumstances. Microsoft is advising users of IE, Office, or Outlook Express for Mac OS 8, 9, or X to install this patch. From Microsoftis security page:

Why is this patch needed?

If you are running Microsoft® Internet Explorer for Mac, a recently identified security vulnerability could allow an attacker to take over your computer. The attacker could then do anything that you can do, such as change files, install and run software, or reformat the hard drive. You can eliminate this vulnerability by installing a Critical Update from Microsoft.

In addition, there is a problem in Microsoft Office for Mac that could let an attacker take over your computer, but you would first have to accept and open an Office file from the attacker. You should never accept files from an unknown or untrusted source.

Who needs to apply this patch?

You need to apply this patch immediately if you use Microsoft Internet Explorer, Microsoft Outlook® Express, or Microsoft Office for Macintosh® computers running Mac OS 8, 9, or OS X.

How do I get the patch?

Mac OS X users can get the Internet Explorer patch by using the Software Update feature of Mac OS X v10.1 to install the "Internet Explorer 5.1 Security Update." Get more information on Software Update .

Mac OS 8 and OS 9 users can get the Internet Explorer patch at the Mactopia Download Web site.

All users of Office for Mac or Outlook Express Macintosh Edition can get the patch at the Mactopia Download Web site.

Where can I get help?

In the U.S. and Canada only, free support is available from Microsoft Product Support Services at 1-866-PC SAFETY (1-866-727-2338). International customers, contact your local subsidiary for information on obtaining free support.

For More Information

* Read the full version of Security Bulletin MS02-019.
* To learn more about getting secure and staying secure, use the 7 Steps to Personal Computing Security checklists.

You can read more on this issue at Microsoftis security Web site.

There is an interesting C|Net piece on this issue that discusses the group that found the security flaw and the three months that it took Microsoft to develop the security patch. Itis a very good read.