This article originally appeared in TidBITS on 2017-09-24 at 4:52 p.m.
The permanent URL for this article is: http://tidbits.com/article/17491
Include images: Off

Microsoft Office 2016 15.38

by Agen G. N. Schmitz

Microsoft has issued version 15.38 of its Office 2016 [1] application suite, focusing on patching important security issues. The update resolves two memory corruption vulnerabilities in Excel (CVE-2017-8631 [2] and CVE-2017-8632 [3]) that could allow an attacker to use a specially crafted file to access permissions. Microsoft patched these vulnerabilities in version 14.7.7 of Office 2011 too (see “The End of Microsoft Office for Mac 2011 Is Nigh [4],” 23 August 2017). The Office 2016 release also updates the Microsoft AutoUpdate application to version 3.9.3, providing an alert to reinstall Microsoft AutoUpdate if missing or broken components are detected. ($149.99 for one-time purchase, free update through Microsoft AutoUpdate, release notes [5], 10.10+)

[1]: https://products.office.com/en-us/mac/microsoft-office-for-mac
[2]: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8631
[3]: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8632
[4]: http://tidbits.com/article/17414
[5]: https://support.office.com/en-us/article/Release-notes-for-Office-2016-for-Mac-ed2da564-6d53-4542-9954-7e3209681a41