Bumper Patch Tuesday short of one patch

Posted by   Virus Bulletin on   Feb 13, 2008

Excel remains vulnerable as expected fix is dropped.

Microsoft has issued its monthly 'Patch Tuesday' set of security updates, with a larger than usual crop of patches for a variety of products, including several for the Office range and Internet Explorer browser. However, one significant patch - for a vulnerability in Excel - was withdrawn from the release after being included in a pre-release notification issued last week.

Of the 11 patches released yesterday, six are marked 'Critical', including updates for Word, Publisher, the Office suite as a whole and the OLE automation system. Internet Explorer is covered with a cumulative patch bundle fixing at least four separate flaws. The five lesser flaws, still rated 'Important', affect Active Directory, the Windows TCP/IP implementation, IIS and Works.

The Excel vulnerability, which was reported to be subject to exploitation in the wild last month, was expected to be fixed in this release, and was included in the official advance notification issued by Microsoft on Thursday last week. However, due to some issues arising during last-minute testing, the patch was withdrawn, and the vulnerability looks likely to remain open until the next Patch Tuesday, in March.

Full details of the patches released are in the Microsoft bulletin here. Comment on the missing Excel patch from ZDNet bloggers is here.

Posted on 13 February 2008 by Virus Bulletin

twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest posts:

VB2020 TIPS presentations: cybercrime in the DACH region and ransomware in LATAM

As part of VB2020 localhost we were proud to co-host the Threat Intelligence Practitioners' Summmit (TIPS), put together by the Cyber Threat Alliance. In a series of blog posts we highlight some of the talks presented in the Summit and the important…

VB2020 TIPS presentation: Intelligence Sharing for Supply Chain Security

As part of VB2020 localhost we were proud to co-host the Threat Intelligence Practitioners' Summmit (TIPS), put together by the Cyber Threat Alliance. In a series of blog posts we highlight some of the talks presented in the Summit and the important…

VB2020 localhost is over, but the content is still available to view!

VB2020 localhost - VB's first foray into the world of virtual conferences - took place last week, but you can still watch all the presentations.

New additions complete the VB2020 localhost programme

The programme for VB2020 localhost - the first virtual, and entirely free to attend VB conference - is now complete, with new additions to both the live programme and the on-demand programme.

VB2020 localhost call for last minute papers: a unique opportunity

Why VB2020 localhost presents a unique opportunity for you to share your research with security experts around the globe.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.