Slashdot Mirror

← Back to Stories (view on slashdot.org)

MS Monthly Patch Omits Word Zero-Days

Posted by kdawson on from the swelling-botnets dept.

bungee jumper writes "Microsoft released four bulletins with patches for 10 vulnerabilities but there are no fixes for known MS Word zero-day flaws that are under active attack, eWeek.com reports. The January batch covers critical bugs in Excel, Outlook, and Windows. The first confirmed Windows Vista flaw, a denial-of-service issue that was publicly released on an underground hacker site in Russia, also remains unpatched." eWeek notes that Microsoft originally scheduled eight bulletins for release, but pulled four last Friday without explanation.

10 of 80 comments (clear)

  1. I like that solution. by User+956 · · Score: 4, Funny

    Microsoft released four bulletins with patches for 10 vulnerabilities but there are no fixes for known MS Word zero-day flaws that are under active attack

    Well, that's because there aren't any zero-day flaws. Microsoft changed the name to ">1 day flaws", thereby solving the problem forever.

    --
    The theory of relativity doesn't work right in Arkansas.
  2. Oh no, they found our backdoor... by ultramkancool · · Score: 1, Funny

    Now we have to spend a few years rewriting before we can make a patch.

  3. As long as... by ackthpt · · Score: 2, Funny

    It's OK, as long as they have the patch of the patch of the bug formerly known as Prince.

    --

    A feeling of having made the same mistake before: Deja Foobar
  4. Re:Ummmm... by marcello_dl · · Score: 3, Funny

    >The patches caused more harm than good so they decided to pull them?

    Not much of an excuse, considering that most Microsoft software causes more harm than good, yet they release it.

    *ducks*

    --
    ---- MISSING MISCELLANEOUS DATA SEGMENT --- [sigdash] trolololol
  5. Re:Ummmm... by marcello_dl · · Score: 5, Funny

    > Who are you ducking from around here?

    Sorry for the qui pro quack, I actually meant that Microsoft software is likely to have been conceived and released by ducks.

    --
    ---- MISSING MISCELLANEOUS DATA SEGMENT --- [sigdash] trolololol
  6. Re:Local elevation of privilege by Creepy+Crawler · · Score: 2, Funny

    --Local elevation of privilege is now considered a DoS attack on Vista?

    Absolutely. Considering that all the anti-user media playback programs are running under SYSTEM-like permissions, any sort of elevations breaks DRM.

    Not patching broken DRM means the media ogres get really mad.

    --
  7. Damn... by locokamil · · Score: 3, Funny

    It's been 18 days since I've been able to us MS Word. My boss is very unhappy-- I may lose my job.

    Damn you Microsoft!

  8. As a literal word? by staticdaze · · Score: 4, Funny

    Anyone else read that as: MS Monthly Patch Omits Word "Zero-Days" ?

    They aren't zero day, they're "highly relevant to your enterprise investment"!

  9. Re:Ummmm... by Fulcrum+of+Evil · · Score: 2, Funny

    I actually meant that Microsoft software is likely to have been conceived and released by ducks.

    Not ducks - Canadian Geese. Have you seen the way they shit?

    --
    "We returned the General to El Salvador, or maybe Guatemala, it's difficult to tell from 10,000 feet"
  10. Publicly Underground by SunTzuWarmaster · · Score: 2, Funny

    Does anyone else see the irony in: "a denial-of-service issue that was publicly released on an underground hacker site in Russia, also remains unpatched."