A dozen different Office security breaches are patched this month, in addition to many for Windows and other MS products.
All supported Office versions are affected. Office 2016, 2013, 2010 and 2007 for Windows plus the Office compatibility pack and the standalone viewers for Word and Excel. Also patches for Office for Mac 2016 and 2011.
This is the last time we’ll see individual patches for ‘issues’. From January 2017, Microsoft will release ‘roll ups’ or combined patches for all the fixes.
Worryingly, in many cases it’s not clear what the security problem is because Microsoft hasn’t made that public. For example Microsoft refers to one breach with a link to the CVE site “Microsoft Office Information Disclosure Vulnerability – CVE-2016-7268“. That page and many others on the December patch list has no information. The page is reserved for Microsoft but the company hasn’t filled in the blanks.
For most people, all you need to do is make sure Office has been updated. That should happen automatically on most computers. The cautious may want to wait a little while, just in case the updates themselves cause problems.
The full list of December security patches is here while the Office related page, covering the 12 problems that are fixed is here.
