Slashdot Mirror


MS Monthly Patch Omits Word Zero-Days

bungee jumper writes "Microsoft released four bulletins with patches for 10 vulnerabilities but there are no fixes for known MS Word zero-day flaws that are under active attack, eWeek.com reports. The January batch covers critical bugs in Excel, Outlook, and Windows. The first confirmed Windows Vista flaw, a denial-of-service issue that was publicly released on an underground hacker site in Russia, also remains unpatched." eWeek notes that Microsoft originally scheduled eight bulletins for release, but pulled four last Friday without explanation.

7 of 80 comments

  1. Ummmm... by needacoolnickname · · Score: 5, Insightful

    The patches caused more harm than good so they decided to pull them?

    Damn them for not releasing patches that make a more unstable system! Damn them I say!

    1. Re:Ummmm... by needacoolnickname · · Score: 3, Insightful

      Who are you ducking from around here?

      Sit back, relax, and wait for the Insightful rather than the Redundant moderation points to start rolling in on your comment.

  2. Re:I like that solution. by Opportunist · · Score: 3, Insightful

    In other words, from now on they will only patch issues that have been around long enough to be known by pretty much every malware writer in existence. This is, of course, only to be compliant with the request from anti-malware and firewall companies to still have a share in the biz.

    How dare we accuse MS of being anything but anti-monopolizing and doing good? That's their way of keeping the competition in business!

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  3. Skewed statistics by fluffy99 · · Score: 4, Insightful

    If a particular vulnerability affects multiple versions of the program, you generally don't count them all as separate vulnerabilities. eWeek is counting MS07-02 as five separate patches, but really it's the same flaw in five different versions. How many people have multiple versions of Excel on their system anyway?

  4. What the hell does "Zero-day" mean, anyway? by markhb · · Score: 1, Insightful

    Seriously: I think I understand the original meaning of the phrase, to refer to known bugs in the first release of a piece of software, but we're talking about Office 2000 or maybe even earlier in some cases (although MS won't support the older stuff anyway), so what is "zero-day" supposed to refer to? Yes, I looked at Wikipedia, but their Zero-day page (or at least the US-English version) reads to me like a garbled mess.

    --
    Save Maine's economy: write stuff down. All comments are exclusively my own, not my employer.
  5. Re:Local elevation of privilege by Anonymous Coward · · Score: 2, Insightful

    Whoa, I didn't realize that Vista has garnered a huge marketshare, cuz ya know, script children only target OS with the highest marketshare.

  6. Darn? by Anonymous+McCartneyf · · Score: 3, Insightful

    In case of emergency, break out the OpenOffice, specifically the "Writer" program. It can handle .doc files almost as well as Word, and it's free.
    Also consider e-mailing the .doc files to your home computer, since your boss is apparently keeping an eye on what software is on your work computer.
    Disclaimer:
    I am getting two MS Updates today--one for IE7, and the usual malware "stinger." I don't actually use IE--I updated it for security...
    This has actually been a better month for MS update-downloads than most months last year.

    --
    There is a fine line between recklessness and courage... -- Paul McCartney