Excel remains vulnerable as expected fix is dropped.
Microsoft
has issued its monthly ‘Patch Tuesday’ set of security updates, with a larger than usual crop of patches for a variety of products, including several for the
Office
range and
Internet Explorer
browser. However, one significant patch – for a vulnerability in
Excel
– was withdrawn from the release after being included in a pre-release notification issued last week.
Of the 11 patches released yesterday, six are marked ‘Critical’, including updates for
Word
,
Publisher
, the
Office
suite as a whole and the OLE automation system.
Internet Explorer
is covered with a cumulative patch bundle fixing at least four separate flaws. The five lesser flaws, still rated ‘Important’, affect
Active Directory
, the
Windows
TCP/IP implementation,
IIS
and
Works
.
The
Excel
vulnerability, which was reported to be
subject to exploitation
in the wild last month, was expected to be fixed in this release, and was included in the official advance notification issued by
Microsoft
on Thursday last week. However, due to some issues arising during last-minute testing, the patch was withdrawn, and the vulnerability looks likely to remain open until the next Patch Tuesday, in March.
Full details of the patches released are in the
Microsoft
bulletin
here
. Comment on the missing
Excel
patch from
ZDNet
bloggers is
here
.
Posted on 13 February 2008 by
Virus Bulletin
Leave a Reply