Time to patch your Office 2013/Pro Plus: ms13-104

The token security issue reported in May 2013 (Read the full story on http://adallom.com/blog/severe-office-365-token-disclosure-vulnerability-research-and-analysis/), that Office Pro Plus could be tricked in sending out it’s token for Office 365 while talking to a malicious site. Through that mechanism users tokens could be collected and be used for easy access to the users data, mailbox, …

The resolution is finally released as a part of the automatic updates of Windows/Office. You can download the patch on http://technet.microsoft.com/en-us/security/bulletin/ms13-104 if you only want to deploy this one.

I urge you to install it as soon as possible.

Read also Paul Robichaux’ blog post about the topic: http://paulrobichaux.wordpress.com/2014/01/02/office-365-token-disclosure-flaw-patch-your-desktops-now/?utm_content=buffer0f5ae&utm_source=buffer&utm_medium=twitter&utm_campaign=Buffer

Leave a Reply