Bumper Patch Tuesday short of one patch
Excel remains vulnerable as expected fix is dropped.
Microsoft has issued its monthly 'Patch Tuesday' set of security updates, with a larger than usual crop of patches
for a variety of products, including several for the Office range and Internet Explorer browser. However, one
significant patch - for a vulnerability in Excel - was withdrawn from the release after being included in a
pre-release notification issued last week.
Of the 11 patches released yesterday, six are marked 'Critical', including updates for Word, Publisher,
the Office suite as a whole and the OLE automation system. Internet Explorer is covered with a cumulative
patch bundle fixing at least four separate flaws. The five lesser flaws, still rated 'Important', affect
Active Directory, the Windows TCP/IP implementation, IIS and Works.
The Excel vulnerability, which was reported to be subject to exploitation in
the wild last month, was expected to be fixed in this release, and was included in the official advance notification
issued by Microsoft on Thursday last week. However, due to some issues arising during last-minute testing,
the patch was withdrawn, and the vulnerability looks likely to remain open until the next Patch Tuesday, in March.
Full details of the patches released are in the Microsoft bulletin
here. Comment on the missing Excel
patch from ZDNet bloggers is here.
13 February 2008
Tags:
excel, exploit, microsoft, patch, patch tuesday, vulnerability.
del.icio.us 
digg this
