Slashdot Mirror

← Back to Stories (view on slashdot.org)

No Fix for Word Next 'Patch Tuesday'

Posted by Zonk on from the that's-cool-nobody-uses-word-anyway dept.

Sktea writes "A spokesman for Microsoft has said that they will issue no patches on the next 'Patch Tuesday' for versions of Word vulnerable to the recent zero-day threat. There is no mention whatsoever of the omission in the latest advance notification at the company's security site." From the article: "The software maker is working on a security update, but apparently needs more time. The company did not specify how many flaws Tuesday's updates will address or in which components of Windows the holes lie. The Visual Studio update could offer a patch for a zero-day vulnerability in the developer tools that was made public last month. "

11 of 80 comments (clear)

  1. Does this mean a new catch phrase? by zappepcs · · Score: 5, Funny

    Are we going to start calling them zero-week or zero-month vulnerabilities?

    --
    Support NYCountryLawyer RIAA vs People
    1. Re:Does this mean a new catch phrase? by Overly+Critical+Guy · · Score: 4, Insightful

      If this was a WMA DRM crack, we'd see a patch within three days. Don't you just love Microsoft?

      --
      "Sufferin' succotash."
    2. Re:Does this mean a new catch phrase? by meclamar · · Score: 4, Funny

      How about zero-fix vulnerabilities?

  2. They don't have time to patch by Anarke_Incarnate · · Score: 5, Insightful

    This isn't anything critical like fixing a problem with their DRM. This only hurts the end users, not anybody they are beholden to RIGHT NOW in order to attempt to become the supreme overlords of the livingroom, like they so desperately want to be.

    1. Re:They don't have time to patch by morgan_greywolf · · Score: 3, Insightful
      This isn't anything critical like fixing a problem with their DRM. This only hurts the end users, not anybody they are beholden to RIGHT NOW in order to attempt to become the supreme overlords of the livingroom, like they so desperately want to be.

      Exactly. Who cares about existing users in markets they already control, who are addicted to you and will stay with you forever? After all, when you have to spend all of this time throwing chairs about, f**king killing Google, figuring out ways to steal Apple's successful online music business out from under them, and scheming to keep those Linux guys from getting anywhere, you can't be focused on such silly things as customer support. No siree! Win, win, win! That's what I always say!
      --
      My blog
  3. Popeye by spidkit · · Score: 3, Funny

    Wimpey: "I will gladly fix it on Tuesday."

  4. Re:uninsightful by LearnToSpell · · Score: 3, Funny

    Somebody forgot to turn on his sarcasm detector this morning...

    --
    Haida Manga
  5. Re:But... by wytcld · · Score: 5, Insightful

    "received unexpected from trusted sources"

    "Expected" is the tricky word there. Most people who receive Word docs in the course of work expect their normal, trusted sources to send them documents that are themselves somewhat new, newsworthy, you know, containing information that's worth sending. A doc that's totally expected probably didn't need to be sent.

    Let's say you're the editor of a newsletter or magazine. You expect docs from a few score people who occassionally submit stuff. You expect them to show up with e-mails that say, "Hi George, Here it is!" The bad guys can easily fake that stuff - and often do - but you're a normal editor, not a security expert, so you give the normal English reading to "receive unexpected," and this stuff all looks like stuff you expected, so you open it....

    What Microsoft should say is, "Don't open any attached docs without phoning the source first and specifically confirming the file." As it is, they're saying just enough to cover their ass ("We warned you!"), without saying enough to enable the typical user to really practice safe Word use.

    --
    "with their freedom lost all virtue lose" - Milton
  6. Why would they? by Osiris+Ani · · Score: 3, Interesting
    "There is no mention whatsoever of the omission in the latest advance notification at the company's security site."

    My first thought leads me to ask, why would there be any mention of bug fixes that are not included in a patch cluster's content notification? Why would any company specifically call out features that are not being provided in a particular software distribution, in circumstances other than the discovery of a clear and consistent workaround (aside from the standard "temporarily avoid use of [software x]")?

    The situation of miscellaneous zero-day exploits must be embarrassing enough already; I couldn't imagine them calling even more attention to it. "Hey, guess what we're not fixing next week. Check it out!"

  7. Re:Word 2007 by Nasarius · · Score: 3, Interesting

    Conspiracy? Nah. For once, MS doesn't really need strongarm tactics to sell a product. Office 2007, with the first UI overhaul since the days of Windows 3.1, is genuinely worth the upgrade. And it's not even publicly for sale yet. So while you're free to rightly accuse them of incompetence for failing to patch their older (and current) products in a timely fashion, they're probably not being evil.

    --
    LOAD "SIG",8,1
  8. Here's how we get it fixed. by nobodyman · · Score: 3, Funny
    Here's how we get microsoft to act. Let's just tweak the headlines a bit, from:
    New Zero-day Attack Affects Word Users


    To:
    New Zero-day Attack Circumvents Zune DRM


    There, much better. I guarantee Microsoft will release a patch *immediately*.