Microsoft issues Windows security patches, but Office for Mac users left in the cold

Microsoft has issued its May 2011 "Patch Tuesday" pack of security updates, and although it's nothing like as big as the Godzilla-sized bundle of vulnerability fixes we saw last month, there's still good reason for both Windows and Mac users to sit up and pay attention.

First up is a critical vulnerability in WINS (the Windows Internet Name Service). According to Microsoft, the WINS vulnerability could allow malicious code to be run on a computer, or a worm to spread, without user interaction.

The good news is that WINS is not installed by default on affected operating systems, and so only users who have manually installed WINS are potentially at risk.

The second security bulletin from Microsoft concerns Microsoft PowerPoint, and this is why it's not just Windows users who have to pay attention.

According to the firm, two vulnerabilities have been discovered in PowerPoint that mean attackers could run malicious code on your computer if they trick you into opening a boobytrapped presentation file. This would give the remote hacker's code the same user rights as the logged-in user.

Microsoft's advisory on the PowerPoint security vulnerabilities rates the issue as "important", and notes that users of Microsoft PowerPoint 2002, Microsoft PowerPoint 2003, Microsoft PowerPoint 2007, Microsoft Office 2004 for Mac, and Microsoft Office 2008 for Mac are at risk.

However, it's bad news if you're a user of one of these Mac versions of Office as Microsoft does not have a fix for you.

No patch for older versions of Office for Mac

Yuck. The risk is that cybercriminals will reverse engineer the fix for the Windows version of PowerPoint, and use the information they discover to exploit the vulnerability on Apple Mac versions.

Once again, Mac users are being left in the lurch and have to cross their fingers that malicious hackers don't attempt to exploit the vulnerability. Fortunately the latest version of Microsoft Office for Mac (2011) is reportedly not affected by the security holes - but many users won't have bothered to pay for that upgrade.

You can learn more and read Microsoft's May 2011 security summary on their website.

For a complete view of the threat landscape and the trends we are seeing in SophosLabs, download our 2011 Threat Report.


About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.