Microsoft Posts, Then Pulls Mac Office Update

Microsoft accidentally posted a pre-release update for Office 2004 for the Mac Wednesday, but quickly yanked the security and stability patch once it noticed the mistake.

According to the update description still on the Microsoft Web site, the unspecified fixes were to "vulnerabilities in Office 2004 that an attacker can use to overwrite the contents of your computer's memory with malicious code," as well as a stability patch for PowerPoint and several improvements to Entourage, the suite's e-mail client.

But the posting was actually a screw-up, said Microsoft.

"The updates posted in error were pre-release binaries that had been staged internally as part of our testing for an upcoming release," wrote Mike Reavy, program manager with the Microsoft Security Response Center (MSRC), on the group's blog. "Due to human error, they were accidentally published to the public Web sites before our full testing release process was complete."

Reavy denied that the patches to Microsoft Word in the sneaked update were related to the two Word zero-day vulnerabilities broached in the last week. "Those investigations are still underway, and we'll release updates for those issues once we've met the appropriate quality bar," Reavy said.

He advised Mac users who had installed the preliminary update to uninstall it immediately. "I'm sorry for any confusion this might have caused," he concluded.

In other Office patch news, as expected, Microsoft didn't roll out fixes for the Word zero-day pair on Tuesday during its monthly patch release.

Although Microsoft only rarely issues out-of-cycle security updates—it has done so just twice in 2006—one security analyst believes it's possible Microsoft will still move on the Word flaws before the year ends.

"Organizations need to be prepared for an early Christmas gift, out-of-cycle patches later in the month," says Chris Andrew, VP of security technologies at patch management vendor PatchLink. "Users should get [Tuesday's vulnerabilities] patched, and then prepare in case there's an out-of-cycle update."