
But zero-day Word bugs remain freely exploitable...
By Joris Evers
Published: 13 December 2006 12:00 GMT
Microsoft on Tuesday released seven security updates with patches for 11 security vulnerabilities, most of which affect the Windows operating system.
The software maker originally planned to release only six security bulletins as part of its monthly patch cycle. However, it added a seventh to deliver a fix for two flaws that affect the Windows Media Format, including one zero-day bug, a company representative said.
Microsoft also provided a patch for a zero-day vulnerability that affects Visual Studio 2005 developer tools. This security hole was disclosed last month and, contrary to the Windows Media issue, has already been used in cyber attacks, the company said.
However, there were no fixes Tuesday for a pair of known flaws in Microsoft Word that are also being exploited in malicious software.
Amol Sarwate, a research manager at vulnerability management company Qualys, said: "While we see Microsoft making an attempt to patch zero-day vulnerabilities, they are still struggling to keep up with the continuous influx of zero-day attacks. Microsoft is making a genuine effort. However, users are still exposed to attacks via the unpatched Word vulnerabilities."
The Windows Media issues are addressed in bulletin MS06-078, one of three "critical" security updates published by Microsoft on this 'Patch Tuesday'. The other high-risk vulnerabilities lie in Internet Explorer and in Visual Studio 2005.
Joris Evers writes for CNET News.com.
Be able to assess internal and external scan reports--identify false positives, research vulnerabilities, communicate results to IP management and ...
You will also have reasonable coding experience and be able to check code for vulnerabilities before it is released. You will conduct regular ...
Candidates must have thorough experience of web application penetration testing which include both knowledge and experience in Man in the Middle ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Clive Longbottom Windows 7: Not perfect - but ready for prime time Microsoft's latest OS fixes most of Vista's ills - but still has challenges ahead
Stephen Kleynhans Mind the details with Windows 7 Just because it might work better than Vista, it doesn't mean you can be sloppy