Establishing Digital Trust: Don't Sacrifice Security for Convenience
Interestingly, Microsoft (Quote) has not announced any plans to fix Office vulnerabilities, even though there are at least three outstanding Office vulnerabilities that have been known since February at the very least.
Microsoft said the highest priority issue in the five patches is listed as Critical, the most severe rating. As is custom, the software giant did not give details on the problem, nor how many total fixes will be issued. A security bulletin from Microsoft does not necessarily mean a single vulnerability. One bulletin may cover several.
In addition to the fixes, Microsoft will release two non-security high-priority updates for Windows on Windows Update and four non-security high-priority updates on Microsoft Update.The company will hold a Webcast on Wednesday, April 11, 2007 at 11:00 AM Pacific Time to discuss the fixes.
This past week, Microsoft was forced to make a rare out-of-band fix after a severe vulnerability was found in its animated cursors. Microsoft considered that vulnerability to be the most severe one it had seen in years.
However, the animated cursor fix wasn't without its problems. A posting on the SANS Internet Storm Center reports that the patch is causing problems with Realtek audio devices.
And the fix isn't stopping the bad guys from trying to exploit the animated cursor vulnerability. Web security firm Sophos reported Wednesday that a new spam campaign had been launched to lure users to Web sites where their unpatched systems could be infected with malware.