Patch/Configuration Management, Vulnerability Management

Microsoft goofs with early Office for Mac patch release


Microsoft said today that it accidentally released a Patch Tuesday security fix to correct an undefined vulnerability in Office 2004 for Mac.

The software giant said on its Security Response Center Blog that researchers are still working on finishing the patch for the bug that can be exploited by an attacker to "overwrite the contents of your computer's memory with malicious code," according to the errantly released update. It does not reveal any other details about the flaw.

Researcher Mike Reavey said on the blog that users should not confuse this update with official patches released Tuesday to correct 11 Windows-related vulnerabilities. In addition, the update is not related to two zero-day Word vulnerabilities that currently have no fix, he said.

"The updates posted in error were pre-release binaries that had been staged internally as part of our testing for an upcoming release," he said. "Due to human error, they were accidentally published to the public websites before our full testing release process was complete. As soon as we discovered the error, we moved quickly to address it and remove the pre-release binaries from our public sites."

No timeline was set for the official release of the Office for Mac update.

"Once our investigation into this issue is complete and we have security updates that meet our quality bar for release, we'll release those final security updates for all products affected, along with a security bulletin," Reavey said. "We're also taking steps to ensure a mistake like this doesn't happen again."

Click here to email Dan Kaplan.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.