by Matt Hines

Microsoft adds Office for Mac to patch

Jul 13, 2007

The software giant added Office for Mac to the list of products affected by one of this week's critical security patches.

Heads up Apple users — Microsoft has quietly added Office 2004 for the Mac to one of its latest security patches.

On June 12, Microsoft amended the list of affected products covered by its MS07-036 security update to add the Mac iteration of Office. The patch was originally released earlier in the week as part of the software maker’s monthly Patch Tuesday bulletin distribution.

The Office for Mac bulletin is ranked as critical, Microsoft’s most severe security update rating, and hackers could potentially exploit the flaw to carry out remote code execution on affected PCs, the company warned.

The bug could specifically allow outsiders to use a specially-crafted Excel file to overwhelm an affected system’s memory and take control of the device, according to Microsoft.

Microsoft reported that users whose Office systems are configured to have fewer administrative privileges are at less risk for malware exploitation than users who operate with broader rights. (shocker!)

MS07-036 aims to patch three vulnerabilities — two of which were rated as critical, and one of which related to a known zero-day flaw. The bulletin repairs bugs in Excel 2000, 2002, 2003, and 2007.

On Tuesday the company issued six security updates for Windows, Office, and .NET Framework, patching a total of 11 vulnerabilities — five of them rated critical.

The most serious of the batch is MS07-039, which patches a pair of bugs in Active Directory in Windows 2000 Server and Windows Server 2003, the two supported server editions of Microsoft’s operating system.

The most dangerous of the two is a vulnerability in the way Active Directory validates an LDAP request. According to Microsoft’s write-up, “an attacker who successfully exploited this vulnerability could take complete control of an affected system.”

The Active Directory bug can be exploited without any user interaction, and on Windows 2000 Server, the older of the two operating systems, the company said.