CNET News.com is reporting Microsoft leaves Word zero-day holes unpatched. Hmmm… is it still a zero-day hole if it has been around for a while? I’m afraid the term has lost its punch. Nonetheless, Cnet goes on to say,
Microsoft on Tuesday released fixes for vulnerabilities in its Windows and Office software, but left several known Word zero-day flaws without a patch.
As part of its monthly patch cycle, Microsoft published four security bulletins with fixes for 10 vulnerabilities. Three of the bulletins are deemed “critical,” the company’s most serious rating; the fourth is tagged “important,” a notch lower. All bulletins, however, address flaws that could allow an attacker to commandeer a PC.
Nasty stuff. It’s the second week of 2007, and Microsoft patches are already up to MS07-08, although four of the patches were pulled from this release. I wonder if they’ll still be “zero-day” next month?
Hit the Microsoft site at http://www.microsoft.com/security if you need more information on these patches. Get patching!