Critical Microsoft security bulletin revised to add Office for Mac

One more time around the block, James.

Microsoft late Thursday revised one of its critical security bulletins from Patch Tuesday, adding another item to its list of affected software.

Security bulletin MS07-036 now includes a warning that Microsoft Office 2004 for the Mac is also affected.

The update is designed to address a security flaw, which could allow attackers to overwrite the computer's memory with malicious code.

Microsoft notes that people running Office 2004 for the Mac on the Mac OS X 10.2 are at risk. It advises people to first install the Microsoft Office 2004 for Mac 11.3.5 update, before downloading the latest fix.

[Penguinisto]

Thank goodness nobody runs that these days...

I jest (but only partially - OOo and NeoOffice is doing a damned
fine job in displacing MS software on OSX, just as a more
successful Safari is doing great in removing IE).

/P

[KTLA_knew]

I wonder

I've been told rep[eatedly on these forums that app flaws written by Apple, but on the Windows platform, are due to NOTHING more than a shoddy platform on which to write, nothing to do ith Apple. I'm assuming this must be true, tech experts that frequent this site say it's so.

I wonder if the converse is true?

[Penguinisto]

You missed a spot:

Problem is, all that shouting you refer to ran on the faulty assumption that it was Firefox's or Windows' fault, where in reality the problem lay not with FF or Windows, but with Internet Explorer and the way it blindly allowed URI actions to dig down deep where there could be damage done. All it took to exploit is a crafted URI that got handled straightaway by Internet Explorer's system files, not Firefox's.

That problem was a legacy item from the days when MSFT busily (and IMHO stupidly) made IE intimately integrated with the Microkernel architecture. If you're stuck with Windows API's, you're stuck with the routing they take to get the job done. Same with OSX.

Linux is excepted because due to its openness, hook/stub setups and outright modules can always be added or removed from the kernel as needed or desired. (e.g., NTFS file systems can be read from or written to in Linux by way of a standalone kernel module which can be dynamically loaded and unloaded on demand -- once it is registered. The differences in architecture and access control are enough to make assigning exploit blame infinitely harder).

Now... that aside, in any such situation, both parties should take the hit for it - Apple for not minimizing the damage that bad coding can do (while better at it than MSFT by orders of magnitude, they still let one get through), and MSFT for letting bad code get through.

IMHO, Apple should just ditch MS Office at first opportunity, and go full-on OOo/NeoOffice - much like they ditched IE and went with a modified Konquerer web browser ( called "Safari").

/P

[mjoecups--2008]

Ignorant nonsense

Apple should ditch MS? This is nonsense. Apple has nothing to do with it!

MS is a third party. Linux geeks just don't get it apparently as they have no MS Office to choose.

This isn't a major advisory, as no one I have seen in years is running 10.2x anyhow.

[Penguinisto]

Stop. Think. Discover.

[i]"Apple should ditch MS? This is nonsense."[/i]

Why?

As it is, Apple is beholden to MS for interop issues just to keep MS Office running on the Mac. If they can break that shackle, and perhaps plow in some of their interop know-how into what's already in OOo, they can be perfectly free of any MS issues.

As it is, I can open Text Edit right now on my 10.3.x Mac, and save it in perfectly-readable .doc format. No MS necessary.

Don't look so shocked... Yes, I own and use a Mac. I own and use Linux PCs. I also own and use a FreeBSD machine.

PS: Various sec advisories, including Microsoft's official one, mentions "OSX 10.2 [i]and later[/i]...

/P

[qwerty75]

Linux

If someone really wants to use Office in Linux, they can.

I don't know anyone that does, or wishes they did, but that isn't the point.

With very little fuss, Office can run in Linux.