The software giant has admitted that its next 'Patch Tuesday' update will not address a recently discovered vulnerability in Word that is currently being exploited.
A Microsoft spokesman told vnunet.com that the company is still investigating the matter.
Although the fix is not currently included in the December security update, the spokesman said that Microsoft has not ruled out releasing a separate fix before the next monthly release in January 2007.
The Word vulnerability, which affects at least nine Mac and PC versions of Word and Microsoft Works, has been given the highest possible alert rating of 'extremely critical' by security firm Secunia.
The exploit could allow an attacker to remotely execute malware on a user's system. Security firm F-Secure advises users not to open or save any Word files that come from untrusted sources or arrive unexpectedly from trusted sources.
Microsoft's update due on 12 December fixes five vulnerabilities in Windows, some of which are listed as 'critical', the company's highest security rating.
A fix for Visual Studio that addresses 'critical' vulnerabilities will also be included. As a single Microsoft security bulletin can address several versions of the same application, the security rating for a vulnerability will often differ between releases.
.png&h=140&w=231&c=1&s=0)
iTnews Executive Retreat - Security Leaders Edition
_(1).jpg&h=140&w=231&c=1&s=0)
