The software giant has admitted that its next 'Patch Tuesday' update will not address a recently discovered vulnerability in Word that is currently being exploited.
A Microsoft spokesman told vnunet.com that the company is still investigating the matter.
Although the fix is not currently included in the December security update, the spokesman said that Microsoft has not ruled out releasing a separate fix before the next monthly release in January 2007.
The Word vulnerability, which affects at least nine Mac and PC versions of Word and Microsoft Works, has been given the highest possible alert rating of 'extremely critical' by security firm Secunia.
The exploit could allow an attacker to remotely execute malware on a user's system. Security firm F-Secure advises users not to open or save any Word files that come from untrusted sources or arrive unexpectedly from trusted sources.
Microsoft's update due on 12 December fixes five vulnerabilities in Windows, some of which are listed as 'critical', the company's highest security rating.
A fix for Visual Studio that addresses 'critical' vulnerabilities will also be included. As a single Microsoft security bulletin can address several versions of the same application, the security rating for a vulnerability will often differ between releases.
_(36).jpg&h=140&w=231&c=1&s=0)
_(33).jpg&h=140&w=231&c=1&s=0)
_(37).jpg&h=140&w=231&c=1&s=0)
Cyber Resilience Summit
iTnews Executive Retreat - Security Leaders Edition
Huntress + Eftsure Virtual Event -Fighting A New Frontier of Cyber-Fraud: How Leaders Can Work Together
iTnews Cloud Covered Breakfast Summit
Live & Hands On Demo: Navigating the BMC AMI DevX Platform to Understand Code Faster Using AI
.jpg&h=271&w=480&c=1&s=1)
_(1).jpg&h=140&w=231&c=1&s=0)
