Patch the big new Microsoft Word security vulnerability

Yesterday, Microsoft released a series of patches to Microsoft Office — for both Windows and Macintosh — that plugged a serious Remote Code Execution flaw in Word and Outlook.

As detailed in Microsoft Security Bulletin MS08-026, which is rated as “critical”:

This security update resolves several privately reported vulnerabilities in Microsoft Word that could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Critical for supported editions of Microsoft Word 2000 and Microsoft Outlook 2007 and rated Important for supported editions of Microsoft Word 2002; Microsoft Word 2003; Microsoft Word Viewer 2003 and Microsoft Word Viewer 2003 Service Pack 3; Microsoft Word 2007; Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats; and Microsoft Office 2004 for Mac and Microsoft Office 2008 for Mac.

For Mac users, the company has issued Service Pack 1 for Office 2008; it fixes this bug and adds many other fixes and enhancements. Office 2004 users have a minor update, 11.4.2, which seems to be only focused on this bug fix.

If you use Office for Mac, you should test and deploy those updates.

There are similarly a number of updates for Office for Windows.

Z Trek Copyright (c) Alan Zeichick