Service Pack 1 (14.1.0) can be obtained here. In order to apply it, though, you'll need to apply the Service Pack 1 (14.1.0) update first. The final update for that edition of Office is 14.7.7 which was published more than 3 years ago.Step 3: Enter your Office product key, without hyphens. Step 2: In the Sign in to set up Office window, select I dont want to sign in or create an account (its a small link at the bottom of the window). Step 1: Start an Office app, like Word, Project, or Visio, depending on your purchase. Though the latest package is still not on par with the Windows. Security Bulletin Microsoft Security Bulletin MS12-051 - Important Vulnerability in Microsoft Office for Mac Could Allow Elevation of Privilege (2721015)Microsoft Office for Mac 2011 offers a solid update to the Word, Excel, PowerPoint, and the other members of the productivity suite.For more information, see the subsection, Affected and Non-Affected Software, in this section.The security update addresses the vulnerabilities by correcting the permission settings on the Microsoft Office 2011 folder and other affected folders. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.Additional Information If you have trouble installing this update or using Office applications after you install this update, try the following: Make sure that.This security update is rated Important for Microsoft Office for Mac 2011. The vulnerability could allow elevation of privilege if a malicious executable is placed on an affected system by an attacker, and then another user logs on later and runs the malicious executable. This security update resolves one publicly disclosed vulnerability in Microsoft Office for Mac. The following server products were qualified for compatibility with F5 BIG-IP APM Secure Proxy: Virtual Apps and Desktops 7 1808.2, 1811, 1906, 1912, 2003. If you use a Microsoft service like Outlook.com, OneDrive, Xbox Live, or Skype, you already have an account.Version: 1.0 General Information Executive SummaryMS Office 2010 for Windows MS Office 2011 for Mac MS Office 2013 for Windows MS Office 2016 for Windows and Mac (This includes an Office 365 subscription) Citrix Compatibility Matrix.Other releases are past their support life cycle. What should I do?The affected software listed in this bulletin have been tested to determine which releases are affected. For the hash information pertaining to this update, see Microsoft Knowledge Base Article 2721015.I am using an older release of the software discussed in this security bulletin. To determine the support life cycle for your software version or edition, visit Microsoft Support Lifecycle.KB2665351 in () replaced by KB2721015Frequently Asked Questions (FAQ) Related to This Security UpdateWhere are the hashes of the security updates?The SHA1 and SHA2 hashes of the security updates can be used to verify the authenticity of downloaded security update packages. Other versions or editions are either past their support life cycle or are not affected.
For more information, see the Microsoft Support Lifecycle Policy FAQ. When you call, ask to speak with the local Premier Support sales manager. For contact information, visit the Microsoft Worldwide Information website, select the country in the Contact Information list, and then click Go to see a list of telephone numbers. Customers without an Alliance, Premier, or Authorized Contract can contact their local Microsoft sales office. For more information about service packs for these software releases, see Service Pack Lifecycle Support Policy.Customers who require custom support for older software must contact their Microsoft account team representative, their Technical Account Manager, or the appropriate Microsoft partner representative for custom support options. To determine the support lifecycle for your software release, see Select a Product for Lifecycle Information. Microsoft Office 2011 Service Pack 1 (14.1.0) Or Later Full User RightsAn attacker could then install programs view, change, or delete data or create new accounts with full user rights. If the user runs the malicious executable as an administrator, the attacker could take complete control over an affected system. If a user later logs on and runs the malicious executable, attacker-provided code can be made to execute in the security context of the current user. An attacker could place a malicious executable in the Microsoft Office 2011 folder. For more information, see Microsoft Exploitability Index.Vulnerability Severity Rating and Maximum Security Impact by Affected Software Affected SoftwareOffice for Mac Improper Folder Permissions Vulnerability - CVE-2012-1894An elevation of privilege vulnerability exists in the way that folder permissions are set in certain Microsoft Office for Mac installations. For information regarding the likelihood, within 30 days of this security bulletin's release, of the exploitability of the vulnerability in relation to its severity rating and security impact, please see the Exploitability Index in the July bulletin summary. Firefox for mac usersHowever, the attacker would only be able to gain elevated privileges on the affected Mac computer if a user runs the malicious executable. The following mitigating factors may be helpful in your situation:- An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.- An attacker could use the vulnerability to place a malicious executable in the Microsoft Office 2011 folder. This is not a direct elevation of privilege, but rather it is a luring attack.To view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see ().# Mitigating Factors for Office for Mac Improper Folder Permissions Vulnerability - CVE-2012-1894Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. This vulnerability has been publicly disclosed. When a user later logs on and runs the malicious executable, the attacker-provided code can be made to execute in the security context of the current user.**What systems are primarily at risk from the vulnerability?**Shared workstations, such as those in libraries or internet cafes, are primarily at risk.The update addresses the vulnerability by correcting the permission settings on the Microsoft Office 2011 folder and other affected folders.**When this security bulletin was issued, had this vulnerability been publicly disclosed?**Yes. This is not a direct elevation of privilege, but rather it is a luring attack.**How could an attacker exploit the vulnerability?**To exploit this vulnerability, an attacker would first have to log on to an affected system and place a malicious executable in the Microsoft Office 2011 folder.
0 Comments
Leave a Reply. |
AuthorKelly ArchivesCategories |