The Last Office For Mac

Posted By admin  On 21.04.21



Feels like a Mac app Microsoft moved fast to support Apple’s new operating systems this year, including the recent addition of support for use of Outlook (or Edge) as the default email client. Choose the right Microsoft 365 for your Mac Manage life’s demands with Microsoft 365. You’ll always stay a step ahead with the latest in AI-powered apps, 1 TB of cloud storage per person, and digital protection for things that matter most. Take your Mac to the stage with a full-screen interface optimized for live performance, flexible hardware control, and a massive collection of plug-ins and sounds that are fully compatible with Logic Pro X. Learn more about MainStage 3. Final Cut Pro X.

  1. Open Office Free For Mac
  2. Office For The Mac
  3. Purchase Office For Mac

Overview

  • The last time Microsoft launched a new Office for OS X was October 2010, when it rolled out Office for Mac 2011. Prior to that, Microsoft issued upgrades in January 2008 (Office for Mac 2008), May.
  • Mac Word 2016 - Save As feature - defaults to last used folder I just transitioned from 2011 to 2016 Word for Mac. When I used 'Save As' on 2011, the save location was defaulted to the folder where the current document is located.

The Microsoft Office for Mac option 'Disable all macros without notification' enables XLM macros without prompting, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

Description

XLM macros

Up to and including Microsoft Excel 4.0, a macro format called XLM was available. XLM macros predate the VBA macros that are more common with modern Microsoft Office systems, however current Microsoft Office versions still support XLM macros.
SYLK and XLM macros
XLM macros can be incorporated into SYLK files, as outlined by Outflank. Macros in the SYLK format are problematic in that Microsoft Office does not open in Protected View to help protect users. This means that users may be a single click away from arbitrary code execution via a document that originated from the internet.
SYLK and XLM macros with Microsoft Office for Mac
It has been reported that Office 2011 for Mac fails to warn users before opening SYLK files that contain XLM macros. According to this post, Microsoft has reported that Office 2016 and Office 2019 for Mac properly prompt the user before executing XLM macros in SYLK files.
The Problem
If Office for the Mac has been configured to use the 'Disable all macros without notification' feature, XLM macros in SYLK files are executed without prompting the user.

Impact

By convincing a user to open specially-crafted Microsoft Excel content on a Mac that has 'Disable all macros without notification' enabled, a remote, unauthenticated attacker may be able to execute arbitrary code with privileges of the user running Excel.

Solution

Apply an update
This issue is addressed for Office 2016 for Mac build 16.16.16 (19111100) and Office 2019 for Mac build 16.31 (19111002), as described in the Microsoft Security update for CVE-2019-1457.

Block SYLK files at email and web gateways
SYLK files, which have the file extension SLK, should be blocked at email and web gateways to help prevent exploitation of this vulnerability.

Vendor Information

Office
Javascript is disabled. Click here to view vendors.

Microsoft Affected

Notified: October 31, 2019 Updated: November 12, 2019

Status

Affected

The Last Office For Mac

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Mac

Vendor References


CVSS Metrics

GroupScoreVector
Base 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P
Temporal 5.8 E:POC/RL:W/RC:C
Environmental 4.4 CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

Open Office Free For Mac

Acknowledgements

Office For The Mac

This issue was reported by Will Dormann of the CERT/CC.

This document was written by Will Dormann.

Other Information

Purchase Office For Mac

CVE IDs:CVE-2019-1457
Date Public:2019-10-31
Date First Published:2019-11-01
Date Last Updated: 2019-11-15 12:51 UTC
Document Revision: 38