Microsoft patches critical vulnerability in Office 2011 for Mac
The latest update closes a hole that could allow arbitrary execution of code on an affected system.
Microsoft has issued an update to Office 2011 for OS X, which closes a critical vulnerability that may allow remote code execution from an attacker.
With this vulnerability a maliciously crafted Word document or e-mail message in Outlook (with Word configured as the e-mail reader) could give an attacker the execution rights as the current user, allowing them to arbitrarily run code on the affected system.
While this update is a run-of-the-mill closure of identified vulnerabilities, be sure to keep your system fully updated. While there are undoubtedly other undocumented vulnerabilities in software, malware developers often use known and patched security holes in software, in hopes that they can hook someone who has not updated and secured their system.
Therefore, be sure to always keep your software fully updated.
In addition to security vulnerabilities, this update fixes an error with IMAP accounts in Outlook, where the flagged or starred state of messages is not properly retained.
The update is available through Microsoft's AutoUpdate utility as a 113MB download, but can also be downloaded from the Microsoft Download Center. After installing, the version of Office on your system should be 14.3.5.