
Critical Security Patches for Internet Explorer, Outlook Express, & Microsoft Office


Microsoft has released security patches to address two security vulnerabilities affecting Internet Explorer, Outlook Express, and Office applications for both the "Classic" Mac OS (Mac OS 8.x and Mac OS 9) and Mac OS X. Microsoft is urging all users of these programs to download and apply the patches at once. Vulnerable software includes:

  • Internet Explorer 5.1 for Mac OS X

  • Internet Explorer 5.1 for Mac OS 8 or 9

  • Outlook Express 5.0 through 5.0.3

  • Entourage X for Mac OS X

  • Entourage 2001

  • PowerPoint X for Mac OS X

  • PowerPoint 2001

  • PowerPoint 98

  • Excel X for Mac OS X

  • Excel 2001


The first security vulnerability could enable malicious HTML markup in a Web page, HTML email message, or Office document to exploit a buffer overflow; theoretically, an attacker could exploit this buffer overflow to perform such tasks on your computer as deleting or changing files, or installing and running software without your permission. (Under Mac OS X, the attacker would have the same privileges as the current user, which could limit the vulnerability.) In the case of Office documents (Word files, Excel spreadsheets, or PowerPoint presentations), the user would have to open the malicious document to be exposed; Microsoft warns that users should never accept files from unknown sources.


The second vulnerability affects current versions of Internet Explorer, and could allow an attacker to run a pre-existing AppleScript script on your computer, but only if the script’s name and complete path were known. (The attacker could not install a script; it has to already be available.) The most common "well-known" scripts are those in the Speakable Items folder; they can perform tasks like quitting applications, restarting the computer, emptying the Trash, and more.


The patches for Microsoft Office 2001 (263 K), Office X (1.8 MB), and Outlook Express (new version 5.0.4; 8.6 MB), and patches for Mac OS 8 and OS 9 users of Internet Explorer (new version 5.1.4; 5.4 MB), are available for download from Microsoft’s Macintosh download site. Mac OS X users should apply the patch to Internet Explorer for Mac OS X (the default web browser installed with the operating system) via the Software Update feature of Mac OS X, which may be accessed via System Preferences. Mac OS X users must still manually download and apply the patches for Office or other applications.


The company says versions of Internet Explorer prior to 5.1, of Outlook Express prior to 5.0.1, and of Office prior to Office 98 are no longer supported, have not been tested, and may or may not be subject to these vulnerabilities.

The current security patches, when applied, will also patch all previously noted vulnerabilities in these versions of the Microsoft applications.


Microsoft is offering free user support by phone to U.S. and Canadian callers at 1-866-PC-SAFETY (1-866-727-2338). International users should contact their local subsidiary for information about obtaining free support for downloading and installing these patches.
