Chrome and Office updates address vulnerabilities
Both Microsoft and Google have released updates to their Office and Chrome software, which address security vulnerabilities.
Yesterday Microsoft released updates for Office 2008 and Office 2011 for OS X, which include patches for a couple of vulnerabilities in PowerPoint and Word.
In the security bulletin accompanying the Office 2011 update, Microsoft warned that the vulnerabilities include exploits in which an attacker can use specially crafted Word files to gain access to the system. In addition, the updates address the reliability and stability of Excel and Outlook, fixing problems in which the programs could exit unexpectedly or give improper password expiration notifications.
For the Office 2008 update, the vulnerability is similar in that opening a specially crafted file could allow an attacker to take control of a system, except for the files are PowerPoint instead of Word.
While these vulnerabilities will not affect people who only use documents they create, the potential is there for documents from third parties that could contain the exploits, so Microsoft has labeled these updates as critical and recommends all users of Office 2008 and 2011 install them.
You can download the updates from the Office 2008 12.3.2 Web site, the Office 2011 14.1.4 Web site, or preferably use Microsoft's Autoupdate tool, which can be activated by selecting Check for Updates from the Help menu in any of the Office applications.
In addition to the updates from Microsoft, Google has issued an update for Chrome, which addresses 15 vulnerabilities with the program. If you use Chrome, to update select About Google Chrome from the Chrome application menu, and then click the Update Now button at the bottom of the window.