Office 2004/2008 Security Updates
Microsoft has released a trio of software updates addressing various security issues in its Office suites. The updates – Microsoft Office 2008 for Mac 12.2.6 Update, Microsoft Office 2004 for Mac 11.6.0 Update, and the Open XML File Format Converter for Mac 1.1.6 – patch an issue where maliciously crafted files opened in Excel or Word could enable an attacker to execute code on your Mac. The Office 2008 update also updates Microsoft Entourage’s time zone information and fixes some Excel crashes that could occur on launch, when sorting merged cells, or editing cells. The updates are free, and Microsoft recommends Office users install them as quickly as possible. Be sure not to cancel or interrupt the installation process, or your Office installation may be left in a non-functional state (if this has already happened, reinstall from your original media and then install all necessary updates before using Office again).
I notice these security updates always use words like "could", "might", "may", not just Microsoft but all security updates by all vendors, including Apple. I'm not griping all that much and I'm all for fixing flaws in software but isn't this a lot of crying wolf? I've been using Macs for many years now and have never, EVER, been attacked or compromised by any of these"could, might, may" exploits.
You say that like it's a bad thing. :-)
Seriously, this is why we don't delve into the details of security vulnerabilities - exploits are generally theoretical and have not in fact happened to anyone. Only occasionally is an exploit seen "in the wild" before it's fixed, and that's cause for much greater concern (as it was with the recent Adobe Flash Player exploit).
At the same time, we feel it's important that users know how often software is updated for security reasons - to gloss over that fact would be doing the community a disservice by not acknowledging that security issues are becoming increasingly more common and more serious.
That's a fascinating stance. I look at it the opposite way. Patching these holes as quickly as possible means they never turn into a real exploit.
Remember Y2K? It wasn't a disaster because everyone actually freaked out ahead of time. The post-mortem by the media was that it was overblown. But, of course, they disregard the millions of systems that were updated worldwide. Few failed; some did; nothing critical.
Too bad it provided no security from Microsoft. I ran the update and it deleted my Entourage application. I just read of someone else who ran it and it deleted his Excel app. I'm furious right now!!!
The best way to ensure that you don't open a malicious Excel file is to delete Excel entirely! ;-) Thanks for reporting this - I'll look into it more.
After talking with Melanie and looking into this, it's possible that the application was deleted due to canceling the install process in the middle.
The fix is to reinstall from original media and download the necessary updates to get back to the current version of Entourage 2004. It's important to avoid launching Entourage until the updates have been installed, since the initial version won't understand the current database format.
I'll add a warning to the article.
That is correct. If you interrupt the updater during its installation process, its very possible you could catch it while it is replacing an application with the updated application. The fix is to reinstall Office 2004 with your install disk and just run the latest update (11.6.0) as this is a combo update and will update all the way back from the first version (11.0.0)
And mentioning restarting in safe mode between all updates. Don't launch any Office app between updates!