Microsoft leaves major Word flaws unpatched

Microsoft's latest Patch Tuesday updates have failed to block known software flaws in Word that are currently being exploited. 

Redmond has known about three zero-day flaws affecting its Word software since November and December last year, but has failed to fix them in the previous two patch releases. 

Security firm McAfee said that it had expected Microsoft to patch the three Word vulnerabilities in this release. 

"Business applications continue to be a prime target for malicious code writers, which is evident in today's vulnerabilities patched by Microsoft," said Dave Marcus, security research and communications manager at McAfee's Avert Labs.

"Coverage for this vector of threats continues to be a primary area of research for McAfee and we recommend that users of these applications take extra precautions to protect their systems."

Three of the four patches released did fix 'critical' vulnerabilities in Microsoft Outlook, Excel and the Vector Markup Language that could allow malicious code to be run on a user's machine.

Microsoft had originally announced eight updates for January, but revised that figure to four a few days later.

Copyright ©v3.co.uk

microsoft wordsecurity