Microsoft’s Office suite of products is used by hundreds of millions of users on a global scale, which makes them vulnerable to various security attacks. That’s why Redmond is regularly rolling out various updates to fight back. Here’s the latest one.
In the recently released Microsoft Security Bulletin MS14-061, that has been rated as important, the has been discovered and fixed a vulnerability in Microsoft Word and Office Web Apps that could allow remote code execution. Here’s how Microsoft described the security patch that was applied:
The vulnerability could allow remote code execution if an attacker convinces a user to open a specially crafted Microsoft Word file. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Microsoft improves the security of its Office products
This security update is said to affect the following supported editions:
- Microsoft Word 2007
- Microsoft Office 2007
- Microsoft Word 2010
- Microsoft Office 2010
- Microsoft Office for Mac 2011
- Microsoft Office Compatibility Pack
- Word Automation Services
- Microsoft Office Web Apps Server 2010
Microsoft says that this security update addresses the vulnerability by correcting the way that Microsoft Office parses specially crafted files. The single way to get it is to make sure you performed the latest Windows Update check, as there is no hotfix made available for download.