Security bug patches in Office for May 2018


Another month, another set of security bugs in Microsoft Office.  It’s Microsoft’s version of Groundhog Day.

The May 2018 dump of patches involves 102 updates covering:

  • Office versions from Office 2010 to the latest Office 2016
  • Core Office features
  • Word
  • Excel
  • Sharepoint and Project server.

Most people don’t need to do anything.  Windows and Office will automatically update the necessary patches.

Microsoft releases patches for security bugs in Office almost every month.  With the patches comes the usual deliberately convoluted and obscuring documentation.  The same carefully crafted phrases are used month after month:

” could allow remote code execution if a user opens a specially crafted Office file.”

They don’t say if the ‘Office file’ is the new format (.docx .xlsx etc) or the older (.doc .xls etc) formats.  Quite often the bugs can only be exploited opening an older document but that’s an important distinction that Microsoft refuses to make.

Word 2010-2016

Yet again, hacked Word documents can be used to infect a computer, steal or ransom your files.

Excel 2010-2016

A “specially crafted file with an affected version of Microsoft Excel” (again, no mention of .xls vs .xlsx ) can gain access to your computer.

A single update fixes four different security bugs: