Microsoft Fails To Provide Security Patches For Mac Office 2004, 2008

In its November security patch update on Tuesday, Microsoft rated Mac Office 2004 and Mac Office 2008 vulnerabilities as "important." At the same time, Microsoft warned: "The security updates for Microsoft Office 2004 for Mac, Microsoft Office 2008 for Mac, and Open XML File Format Converter for Mac are unavailable at this time."

Microsoft did provide a security patch for Mac Office 2011, which has a much smaller installed base than Mac Office 2004 and Mac Office 2008. That Mac Office 2011 security vulnerability was rated as "critical."

Microsoft's actions raise important questions as to whether Microsoft should have provided an open security alert on Mac Office 2004 and Mac Office 2008 vulnerabilities without providing security patches. That failure to provide patches for Mac Office 2004 and Mac Office 2008 vulnerabilities is effectively an open call to arms for hackers looking to exploit Mac vulnerabilities.

Microsoft also released security patches for its own popular Microsoft Office offerings including Microsoft Office 2010 (32 and 64 bit editions), Microsoft Office 2003 Service Pack 3 and Microsoft Office 2007 Service Pack 2.

Microsoft said the "most severe" Office vulnerabilities could allow "remote code execution if a user opens or previews a specially crafted RTF (Rich Text Format) e-mail message."

"An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user," said Microsoft in the security bulletin. "Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights."

If nothing else, Microsoft should have issued detailed explanations on why it decided to inform users of those Mac Office vulnerabilities without providing the appropriate security patches.