Patch Tuesday was a bit anti-climatic today, with several zero-day Office bugs
being reported at the same time that Microsoft rolled out some older patches. Most likely it was done in such a fashion to “maximize exposure” of the flaws, which is seen as a double edged sword by some. With new flaws being revealed at the proper time, those wishing to exploit them have the longest amount of time available to them before a patch is likely to be release. Of course, if they are serious enough Microsoft will step outside their regular cycle. Are these ones? Several of the bugs can result in crashing:
The vulnerabilities were reported in online security forums on Monday, according to a posting on the McAfee Avert Labs blog on Tuesday. All but one of the flaws results in denial of service, meaning the application would crash, according to the blog post.
Though a mere crash isn't much in the big picture, another flaw has the potential for arbitrary code execution. Not all of the flaws may be newly discovered, and may simply be rehashes of what is already known. Either way, it leaves several unpatched flaws in the Office suite and has brought them to light.