New Office exploits revealed on Patch Tuesday

By Justin Mann on April 10, 2007, 7:52 PM
Patch Tuesday was a bit anti-climatic today, with several zero-day Office bugs being reported at the same time that Microsoft rolled out some older patches. Most likely it was done in such a fashion to “maximize exposure” of the flaws, which is seen as a double edged sword by some. With new flaws being revealed at the proper time, those wishing to exploit them have the longest amount of time available to them before a patch is likely to be release. Of course, if they are serious enough Microsoft will step outside their regular cycle. Are these ones? Several of the bugs can result in crashing:

The vulnerabilities were reported in online security forums on Monday, according to a posting on the McAfee Avert Labs blog on Tuesday. All but one of the flaws results in denial of service, meaning the application would crash, according to the blog post.
Though a mere crash isn't much in the big picture, another flaw has the potential for arbitrary code execution. Not all of the flaws may be newly discovered, and may simply be rehashes of what is already known. Either way, it leaves several unpatched flaws in the Office suite and has brought them to light.

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.