M icrosoft has issued a critical security warning, as well as accompanying updates, for Mac Office v.X and Mac Office 2001. The most recent version of Mac Office (Office 2004) is not affected. The security flaw is specifically found in Excel, and could allow someone to execute code that would allow them to gain complete control of your Mac. First, the Executive Summary for the flaw from Microsoft:
This update resolves a newly-discovered, privately reported vulnerability. A remote code execution vulnerability exists in Microsoft Excel. The vulnerability is documented in the Vulnerability Details section of this bulletin.
If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.
Microsoft also made available updates for both Office v.X and Office 2001 that patches this security hole. Windows versions of Office were also affected, and also have patches. You can find more information on this security warning, including links to all of the relevant patches, at Microsoftis security Web site. We are providing links to the Mac patches below.