Another month, another load of Office security patches

Office for Mere Mortals helps people around the world get more from Word, Excel, PowerPoint and Outlook. Delivered once a week. free.

Just in time for Valentine’s Day <g>, Microsoft has released yet another set of patches for security holes in their products.  There’s about 55 patches including a particularly nasty Outlook bug and problems with Microsoft new ‘safer’ Edge browser.

Microsoft has or will push these fixes out through Windows/Microsoft update.  Our test machines where already updated by the time we wrote this.

Two Outlook bugs

The Outlook security hole applies to Outlook 2016, 2013, 2010 and 2007.  An incoming message could trigger access to a higher level of computer access simply when rendering the email.  The hacked message tries to access an external message store.

No user action seems to be necessary.

Microsoft, as usual, downplays the severity of their security lapses.  They describe this Outlook bug as ‘less likely’ to be exploited but it’s hard to see why.

The other Outlook security bug is a combination of a malicious email and tricking people into clicking a link.  It also applies to all supported Outlook for Windows from 2016 back to 2007.

Excel 2016 security breach

This month’s Excel patch is wearily familiar.  Yet again a malicious Excel file can trick you into letting others access your computer.  Microsoft calls these ‘remote code vulnerabilities’.

It only applies to Excel 2016 ‘Click to Run’ or Office 365 releases.

Edge browser

Even Microsoft’s much hyped browser, Edge, gets security patches.  We mention this because Edge is new and supposedly safer than it’s rivals.  Despite being new and built ‘from the ground up’ for security, there are still vulnerabilities.

Want More?

Office Watch has the latest news and tips about Microsoft Office. Independent since 1996. Delivered once a week.