Four fixes from Microsoft on Patch Tuesday, but none for critical Word flaws

Microsoft released four security bulletins today to address nine critical vulnerabilities in Excel, Outlook and vector markup language (VML) but perhaps the biggest news out of the security update is what it did not address.

The software giant did not offer fixes for three zero-day holes in Word, two of which, according to Microsoft researchers, have been exploited in "limited and targeted attacks."

Those two have now survived consecutive Patch Tuesdays without being sewed up.

Initially, Microsoft had planned to issue eight fixes today but released half that many, leading some security researchers to speculate that the Word fixes originally were included but were axed because they did not pass last-minute quality assurance testing across Office's huge user base. News - IT Security News - SC Magazine UK

Linked by shanmuga Wednesday, 10th January 2007 10:07PM