Mac OS X,  Mac Security

Office 12.1.7 for Mac Update Seems Way Too Big

The Office 12.1.7 update is out and available for download.  Because this is a security fix, you should definitely run this update. Provided you use Microsoft Auto-Update you should be able to install it automatically; otherwise, Microsoft describes the update and has a download available in their KnowledgeBase. It’s a rather large update, at about 268MB. I made a snapshot and looked at what it does, and like many updates from Microsoft before it, it changes so many files it’s difficult to tell exactly (including all of the .app bundles). Per Microsoft:

This update fixes vulnerabilities in Office 2008 that an attacker can use to overwrite the contents of your computer’s memory by using malicious code. For more information, see the security bulletin that is mentioned in the “Introduction” section.

Not to complain or anything, but the security bulletin about the vulnerability that this update is supposed to fix only pertains to Excel. Therefore, it seems silly to update the auto-updater, proofing tools, etc. Remote code execution vulnerabilities are a big deal and all, and so I am all for running this, but it seems like the update should be a few MB, not a few hundred.  And there are absolutely no other fixes mentioned in the KB article.  Maybe it’s not weird, since I’m assuming any of these apps can open an Excel document, and I’m just being grumpy again…  No it’s weird – but run the update anyway.

And if you run the update, you’ll need to Allow Entourage access to open network connections again, if you’re using the 10.5 application firewall (and you should be using the firewall).  But you won’t have to wait for anything to be done to the Entourage database, no defrags/rebuilds/whatever it does sometimes.