Flaw in Office 2013 Desktop Can Compromise Your Entire Organization, Patch Now

Assigned to the pile of December 2013's security updates is a serious flaw that could potentially give access to your entire company's stored documents.

In May 2013, Adallom disclosed a vulnerability to the MSRC (Microsoft Security Response Center) and a fix has been provided in CVE-2013-5054 (Security Bulletin MS13-104) this month.

This is an important update to apply if your company is using Office 2013 desktop version and SharePoint for Office 365. Detailed on the Adallom blog, anyone can write and distribute a fake Office 365 authentication token that gives full access to SharePoint resources. All of Office 2013 Desktop is vulnerable. PowerPoint, Excel, OneNote, Word – all of it. And, since SkyDrive Pro is, in actuality, a SharePoint Online site, this same vulnerability could give access to the entire contents of your synched files and folders.

Make sure to patch!  And, read through the Adallom blog to get a full understanding of the problem:  Severe Office 365 Token Disclosure Vulnerability – Research and Analysis