Microsoft patches critical vulnerability in Office 2011 for Mac

The latest update closes a hole that could allow arbitrary execution of code on an affected system.

Topher Kessler MacFixIt Editor
Topher, an avid Mac user for the past 15 years, has been a contributing author to MacFixIt since the spring of 2008. One of his passions is troubleshooting Mac problems and making the best use of Macs and Apple hardware at home and in the workplace.
Topher Kessler

Microsoft has issued an update to Office 2011 for OS X, which closes a critical vulnerability that may allow remote code execution from an attacker.

With this vulnerability a maliciously crafted Word document or e-mail message in Outlook (with Word configured as the e-mail reader) could give an attacker the execution rights as the current user, allowing them to arbitrarily run code on the affected system.

Autoupdate running in OS X
Microsoft's AutoUpdate tool is the most convenient way to apply the update. (Click to enlarge image.) Screenshot by Topher Kessler/CNET

While this update is a run-of-the-mill closure of identified vulnerabilities, be sure to keep your system fully updated. While there are undoubtedly other undocumented vulnerabilities in software, malware developers often use known and patched security holes in software, in hopes that they can hook someone who has not updated and secured their system.

Therefore, be sure to always keep your software fully updated.

In addition to security vulnerabilities, this update fixes an error with IMAP accounts in Outlook, where the flagged or starred state of messages is not properly retained.

The update is available through Microsoft's AutoUpdate utility as a 113MB download, but can also be downloaded from the Microsoft Download Center. After installing, the version of Office on your system should be 14.3.5.

Questions? Comments? Have a fix? Post them below or e-mail us!
Be sure to check us out on Twitter and the CNET Mac forums.