Slashdot Mirror

← Back to Stories (view on slashdot.org)

No Fix for Word Next 'Patch Tuesday'

Posted by Zonk on from the that's-cool-nobody-uses-word-anyway dept.

Sktea writes "A spokesman for Microsoft has said that they will issue no patches on the next 'Patch Tuesday' for versions of Word vulnerable to the recent zero-day threat. There is no mention whatsoever of the omission in the latest advance notification at the company's security site." From the article: "The software maker is working on a security update, but apparently needs more time. The company did not specify how many flaws Tuesday's updates will address or in which components of Windows the holes lie. The Visual Studio update could offer a patch for a zero-day vulnerability in the developer tools that was made public last month. "

5 of 80 comments (clear)

  1. But... by feld · · Score: 2, Interesting

    Their solution certainly said that we aren't to open any MS Word documents. Does this mean Microsoft will pay unemployment to the people that deal with Word documents all day, but can't open them due to security issues?

  2. Re:(-1) Did not actually read advisory by feld · · Score: 2, Interesting

    Yeah, ok. Like it's that easy. Tell that to the Human Resources lady who has to open up Word documents containing resumes/cover letters from random people. Get my drift? Why do you all have to be pricks without thinking first?

  3. Re:(-1) Did not actually read advisory by Anonymous Coward · · Score: 2, Interesting

    Yeah, ok. Like it's that easy. Tell that to the Human Resources lady who has to open up Word documents containing resumes/cover letters from random people. This is exactly what part of my job is. I handle the resumes we get from candidates and input them into our database. What do I tell my boss? Sorry, can't get any new hires because if I open a resume my computer will explode? That won't fly.
  4. Why would they? by Osiris+Ani · · Score: 3, Interesting
    "There is no mention whatsoever of the omission in the latest advance notification at the company's security site."

    My first thought leads me to ask, why would there be any mention of bug fixes that are not included in a patch cluster's content notification? Why would any company specifically call out features that are not being provided in a particular software distribution, in circumstances other than the discovery of a clear and consistent workaround (aside from the standard "temporarily avoid use of [software x]")?

    The situation of miscellaneous zero-day exploits must be embarrassing enough already; I couldn't imagine them calling even more attention to it. "Hey, guess what we're not fixing next week. Check it out!"

  5. Re:Word 2007 by Nasarius · · Score: 3, Interesting

    Conspiracy? Nah. For once, MS doesn't really need strongarm tactics to sell a product. Office 2007, with the first UI overhaul since the days of Windows 3.1, is genuinely worth the upgrade. And it's not even publicly for sale yet. So while you're free to rightly accuse them of incompetence for failing to patch their older (and current) products in a timely fashion, they're probably not being evil.

    --
    LOAD "SIG",8,1