Microsoft has issued version 15.38 of its Office 2016 application suite, focusing on patching important security issues. The update resolves two memory corruption vulnerabilities in Excel (CVE-2017-8631 and CVE-2017-8632) that could allow an attacker to use a specially crafted file to access permissions. Microsoft patched these vulnerabilities in version 14.7.7 of Office 2011 too (see “The End of Microsoft Office for Mac 2011 Is Nigh,” 23 August 2017). The Office 2016 release also updates the Microsoft AutoUpdate application to version 3.9.3, providing an alert to reinstall Microsoft AutoUpdate if missing or broken components are detected. ($149.99 for one-time purchase, free update through Microsoft AutoUpdate, release notes, 10.10+)
Unless otherwise noted, this article is copyright © 2017 TidBITS Publishing, Inc.Published in TidBITS on 2017-09-24.
TidBITS is copyright © 2016 TidBITS Publishing Inc. Reuse governed by Creative Commons License.