Microsoft's latest Patch Tuesday updates have failed to block known software flaws in Word that are currently being exploited.
Redmond has known about three zero-day flaws affecting its Word software since November and December last year, but has failed to fix them in the previous two patch releases.
Security firm McAfee said that it had expected Microsoft to patch the three Word vulnerabilities in this release.
"Business applications continue to be a prime target for malicious code writers, which is evident in today's vulnerabilities patched by Microsoft," said Dave Marcus, security research and communications manager at McAfee's Avert Labs.
"Coverage for this vector of threats continues to be a primary area of research for McAfee and we recommend that users of these applications take extra precautions to protect their systems."
Three of the four patches released did fix 'critical' vulnerabilities in Microsoft Outlook, Excel and the Vector Markup Language that could allow malicious code to be run on a user's machine.
Microsoft had originally announced eight updates for January, but revised that figure to four a few days later.
Microsoft leaves major Word flaws unpatched
By
Matt Chapman
on
Jan 11, 2007 3:04PM

Still no fix for three critical vulnerabilities.
Got a news tip for our journalists? Share it with us anonymously here.
Sponsored Whitepapers
Free eBook: Digital Transformation 101 – for banks
Why financial services need to tackle their Middle Office
Learn: The latest way to transfer files between customers
Extracting the value of data using Unified Observability
Planning before the breach: You can’t protect what you can’t see