此安全更新可解决 Microsoft Office 中 3 个私下报告的漏洞。如果经特殊设计的文件在 Microsoft Office 2007 受影响的版本中打开,则这些漏洞可能允许远程执行代码。成功利用此漏洞的攻击者可能会获得与当前用户相同的用户权限。那些帐户被配置为拥有较少系统用户权限的客户比具有管理用户权限的客户受到的影响要小。
对于 Microsoft Word 2007、Microsoft Word Viewer 和 Microsoft Office 兼容包的受支持版本,此安全更新的等级为“重要”。该安全更新通过更正 Microsoft Office 分析经特殊设计的文件的方式来解决漏洞。
More
此安全更新解决 Microsoft Office 中两个秘密报告的漏洞。如果用户打开与特制库文件位于同一网络目录下的 Office文件,最严重的漏洞可能允许远程执行代码。成功利用此漏洞的攻击者可以获得与当前用户相同的用户权限。那些帐户被配置为拥有较少系统用户权限的客户比具有管理用户权限的客户受到的影响要小。
对于 Microsoft Office 2007、Microsoft Office 2010 和 Microsoft Office 2013 的受支持版本,此安全更新的等级为“重要”。该全更新通过帮助确保 Microsoft Office 中的中文(简体)语法检查器功能在加载外部库之前验证文件路径并帮助确保 Microsoft Office 软件正确处理来自网站的特制响应来解决漏洞。
More
Microsoft Office Proofing Tools 2013 Service Pack 1 (SP1) provides the latest updates for Office Proofing Tools 2013. This service pack includes two kinds of fixes:
Previously unreleased fixes that are included in this service pack. In addition to general product fixes, these fixes include improvements in stability, performance, and security.
All the monthly security updates that were released through January 2014, and all the Cumulative Updates that were released through December 2013.
More
Microsoft Office 2013 Service Pack 1 (SP1) provides the latest updates for Office 2013. This service pack includes two kinds of fixes:
Previously unreleased fixes that are included in this service pack. In addition to general product fixes, these fixes include improvements in stability, performance, and security.
All the monthly security updates that were released through January 2014, and all the Cumulative Updates that were released through December 2013.
Overview of Office 2013 SP1 improvements
The following are the key areas of improvement that are offered by this SP1:
Improves compatibility with Windows 8.1.
Improves compatibility with Internet Explorer 11.
Improves compatibility with modern hardware, such as high-DPI devices and the precision touchpad.
Provides new apps for Office capabilities and APIs for third-party developers.
More
This security update resolves one publicly disclosed vulnerability in a Microsoft Office shared component that is currently being exploited. The vulnerability could allow security feature bypass if a user views a specially crafted webpage in a web browser capable of instantiating COM components, such as Internet Explorer. In a web-browsing attack scenario, an attacker who successfully exploited this vulnerability could bypass the Address Space Layout Randomization (ASLR) security feature, which helps protect users from a broad class of vulnerabilities. The security feature bypass by itself does not allow arbitrary code execution. However, an attacker could use this ASLR bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability that could take advantage of the ASLR bypass to run arbitrary code.
This security update is rated Important for supported editions of Microsoft Office 2007 and Microsoft Office 2010 software. The security update addresses the vulnerability by helping to ensure that the Microsoft Office shared component properly implements ASLR.
More
此安全更新可解决 Microsoft Office 中一个秘密报告的漏洞,如果用户尝试打开恶意网站上托管的 Office 文件,则该漏洞可能允许信息泄露。成功利用此漏洞的攻击者可以确定用于在目标 SharePoint 或其他 Microsoft Office Server 站点上对当前用户进行身份验证的访问令牌。
对于 Microsoft Office 2013 和 Microsoft Office 2013 RT 软件的受支持版本,此安全更新的等级为“重要”。该安全更新通过帮助确保 Microsoft Office 软件正确处理来自网站的特制响应来解决漏洞。
More
此安全更新可解决 Microsoft Office 中 3 个秘密报告的漏洞。如果受影响的在 Microsoft Office 软件版本中打开特制 WordPerfect 文档文件,则这些漏洞可能允许远程执行代码。成功利用最严重的漏洞的攻击者可以获得与当前用户相同的用户权限。那些帐户被配置为拥有较少系统用户权限的用户比具有管理用户权限的用户受到的影响要小。
对于 Microsoft Office 2003、Microsoft Office 2007、Microsoft Office 2010、Microsoft Office 2013 和 Microsoft Office 2013 RT 软件的所有受支持版本,此安全更新的等级为“重要”。该安全更新通过更正 Microsoft Office 软件分析特制文件的方式来解决漏洞。
More
此安全更新可解决 Microsoft Office 中秘密报告的 13 个漏洞。如果特制文件在 Microsoft Office 软件受影响的版本中打开,则最严重的漏洞可能允许远程执行代码。成功利用最严重的漏洞的攻击者可以获得与当前用户相同的用户权限。那些帐户被配置为拥有较少系统用户权限的用户比具有管理用户权限的用户受到的影响要小。
对于 Microsoft Office 2003(包括 Microsoft Word 2003 和 Microsoft Word Viewer)、Microsoft Office 2007(包括 Microsoft Word 2007 和 Microsoft Office 兼容包)和 Microsoft Word 2010 的受支持版本,此安全更新的等级为“重要”。该安全更新通过更正 Microsoft Office 分析特制文件的方式并更正 Word 使用的 XML 分析程序解析特制文件中外部实体的方式来解决漏洞。
More
Microsoft Office Web Apps Service Pack 2 (SP2) provides the latest updates for Office Web Apps. Additionally, this service pack includes two kinds of fixes:
Previously unreleased fixes that were created specifically for this service pack. In addition to general product fixes, these fixes include improvements in stability, performance, and in security.
All the public updates that were released through May 2013, and all the cumulative updates that were released through April 2013.
More
Microsoft Office 2010 Service Pack 2 (SP2) provides the latest updates for Office 2010. This service pack includes two kinds of fixes:
Previously unreleased fixes that are included in this service pack. In addition to general product fixes, these fixes include improvements in stability, performance, and security.
All the public updates that were released through May 2013, and all the cumulative updates that were released through April 2013.
More