Microsoft patches critical vulnerability in Office 2011 for Mac

The latest update closes a hole that could allow arbitrary execution of code on an affected system.

Microsoft has issued an update to Office 2011 for OS X, which closes a critical vulnerability that may allow remote code execution from an attacker.

With this vulnerability a maliciously crafted Word document or e-mail message in Outlook (with Word configured as the e-mail reader) could give an attacker the execution rights as the current user, allowing them to arbitrarily run code on the affected system.

Autoupdate running in OS X
Microsoft's AutoUpdate tool is the most convenient way to apply the update. (Click to enlarge image.) Screenshot by Topher Kessler/CNET

While this update is a run-of-the-mill closure of identified vulnerabilities, be sure to keep your system fully updated. While there are undoubtedly other undocumented vulnerabilities in software, malware developers often use known and patched security holes in software, in hopes that they can hook someone who has not updated and secured their system.

Therefore, be sure to always keep your software fully updated.

In addition to security vulnerabilities, this update fixes an error with IMAP accounts in Outlook, where the flagged or starred state of messages is not properly retained.

The update is available through Microsoft's AutoUpdate utility as a 113MB download, but can also be downloaded from the Microsoft Download Center. After installing, the version of Office on your system should be 14.3.5.

Questions? Comments? Have a fix? Post them below or e-mail us!
Be sure to check us out on Twitter and the CNET Mac forums.

About the author

    Topher, an avid Mac user for the past 15 years, has been a contributing author to MacFixIt since the spring of 2008. One of his passions is troubleshooting Mac problems and making the best use of Macs and Apple hardware at home and in the workplace.


    Join the discussion

    Conversation powered by Livefyre

    Don't Miss
    Hot Products
    Trending on CNET

    What you missed

    Join CNET for an exclusive interview with Google Lunar XPrize teams

    Five representatives from the finalist Milestone teams told us how they plan to get to the moon and win $30 million next year. Catch up on this exclusive CNET event.