Bumper Patch Tuesday short of one patch

Posted by   Virus Bulletin on   Feb 13, 2008

Excel remains vulnerable as expected fix is dropped.

Microsoft has issued its monthly 'Patch Tuesday' set of security updates, with a larger than usual crop of patches for a variety of products, including several for the Office range and Internet Explorer browser. However, one significant patch - for a vulnerability in Excel - was withdrawn from the release after being included in a pre-release notification issued last week.

Of the 11 patches released yesterday, six are marked 'Critical', including updates for Word, Publisher, the Office suite as a whole and the OLE automation system. Internet Explorer is covered with a cumulative patch bundle fixing at least four separate flaws. The five lesser flaws, still rated 'Important', affect Active Directory, the Windows TCP/IP implementation, IIS and Works.

The Excel vulnerability, which was reported to be subject to exploitation in the wild last month, was expected to be fixed in this release, and was included in the official advance notification issued by Microsoft on Thursday last week. However, due to some issues arising during last-minute testing, the patch was withdrawn, and the vulnerability looks likely to remain open until the next Patch Tuesday, in March.

Full details of the patches released are in the Microsoft bulletin here. Comment on the missing Excel patch from ZDNet bloggers is here.

Posted on 13 February 2008 by Virus Bulletin

twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest posts:

In memoriam: Dr Alan Solomon

We were very sorry to learn of the passing of industry pioneer Dr Alan Solomon earlier this week.

New paper: Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects

In a new paper, researchers Aditya K Sood and Rohit Bansal provide details of a security vulnerability in the Nexus Android botnet C&C panel that was exploited in order to gather threat intelligence, and present a model of mobile AppInjects.

New paper: Collector-stealer: a Russian origin credential and information extractor

In a new paper, F5 researchers Aditya K Sood and Rohit Chaturvedi present a 360 analysis of Collector-stealer, a Russian-origin credential and information extractor.

VB2021 localhost videos available on YouTube

VB has made all VB2021 localhost presentations available on the VB YouTube channel, so you can now watch - and share - any part of the conference freely and without registration.

VB2021 localhost is over, but the content is still available to view!

VB2021 localhost - VB's second virtual conference - took place last week, but you can still watch all the presentations.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.