Microsoft Security Bulletin MS13-026 - Important

Microsoft has not identified any mitigating factors for this vulnerability.

Microsoft has not identified any workarounds for this vulnerability.

What is the scope of the vulnerability? 
This is an information disclosure vulnerability.

What causes the vulnerability? 
The vulnerability is caused when a user previews or opens a specially crafted HTML email message and Microsoft Outlook for Mac or Microsoft Entourage for Mac allows content from a remote server to be loaded without user interaction.

What might an attacker use the vulnerability to do? 
An attacker could identify that a specially crafted email message they sent was rendered in an HTML mail viewer. This could allow the attacker to confirm that the targeted email account is valid and that the specially crafted email has been read.

How could an attacker exploit the vulnerability? 
To exploit the vulnerability, an attacker could send a user a specially crafted HTML email message that contains HTML5 content tags. The vulnerability could be exploited when the user previews or opens the email message.

What systems are primarily at risk from the vulnerability? 
Systems that are running an affected version of Microsoft Outlook for Mac or Microsoft Entourage for Mac, and that have a WebKit browser installed, are primarily at risk.

What is WebKit? 
WebKit is an open source layout engine that is used by other browsers, such as Apple Safari, to render webpages.

What does the update do? 
The update addresses the vulnerability by helping to ensure that Microsoft Outlook for Mac and Microsoft Entourage for Mac do not download content from external sources without user consent.

When this security bulletin was issued, had this vulnerability been publicly disclosed? 
No. Microsoft received information about this vulnerability through coordinated vulnerability disclosure.

When this security bulletin was issued, had Microsoft received any reports that this vulnerability was being exploited? 
No. Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers when this security bulletin was originally issued.

Prerequisites

• Mac OS X version 10.4.9 or later version on an Intel, PowerPC G5, or PowerPC G4 (500 MHz or faster) processor
• Mac OS X user accounts must have administrator privileges to install this security update

Installing the Update

Download and install the appropriate language version of the Microsoft Office 2008 for Mac 12.3.6 Update from the Microsoft Download Center.

1. Quit any applications that are running, including virus-protection applications, all Microsoft Office applications, Microsoft Messenger for Mac, and Office Notifications, because they might interfere with installation.
2. Open the Microsoft Office 2008 for Mac 12.3.6 Update volume on your desktop. This step might have been performed for you.
3. To start the update process, in the Microsoft Office 2008 for Mac 12.3.6 Update volume window, double-click the Microsoft Office 2008 for Mac 12.3.6 Update application, and follow the instructions on the screen.
4. If the installation finishes successfully, you can remove the update installer from your hard disk. To verify that the installation finished successfully, see the following "Verifying Update Installation" heading. To remove the update installer, first drag the Microsoft Office 2008 for Mac 12.3.6 Update volume to the Trash, and then drag the file that you downloaded to the Trash.

Verifying Update Installation

To verify that a security update is installed on an affected system, follow these steps:

1. In the Finder, navigate to the Application Folder (Microsoft Office 2008: Office).
2. Select the file, Microsoft Component Plugin.
3. On the File menu, click Get Info or Show Info.

If the Version number is 12.3.6, the update has been successfully installed.

Restart Requirement

This update does not require you to restart your computer.

Removing the Update

This security update cannot be uninstalled.

Additional Information

If you have technical questions or problems downloading or using this update, see Microsoft for Mac Support to learn about the support options that are available to you.

Prerequisites

• Mac OS X version 10.5.8 or later version on an Intel processor
• Mac OS X user accounts must have administrator privileges to install this security update

Installing the Update

Download and install the appropriate language version of the Microsoft Office for Mac 2011 14.3.2 Update from the Microsoft Download Center.

1. Quit any applications that are running, including virus-protection applications and all Microsoft Office applications, because they might interfere with installation.
2. Open the Microsoft Office for Mac 2011 14.3.2 Update volume on your desktop. This step might have been performed for you.
3. To start the update process, in the Microsoft Office for Mac 2011 14.3.2 Update volume window, double-click the Microsoft Office for Mac 2011 14.3.2 Update application, and follow the instructions on the screen.
4. When the installation finishes successfully, you can remove the update installer from your hard disk. To verify that the installation finished successfully, see the following "Verifying Update Installation" heading. To remove the update installer, first drag the Microsoft Office for Mac 2011 14.3.2 Update volume to the Trash, and then drag the file that you downloaded to the Trash.

Verifying Update Installation

To verify that a security update is installed on an affected system, follow these steps:

1. In the Finder, navigate to the Application Folder (Microsoft Office 2011).
2. Select Word, Excel, PowerPoint or Outlook and launch the application.
3. On the Application menu, click About Application_Name (where Application_Name is Word, Excel, PowerPoint or Outlook).

If the Latest Installed Update Version number is 14.3.2, the update has been successfully installed.

Restart Requirement

This update does not require you to restart your computer.

Removing the Update

This security update cannot be uninstalled.

Additional Information

If you have technical questions or problems downloading or using this update, see Microsoft for Mac Support to learn about the support options that are available to you.