New Office flaws overshadow Patch Tuesday

It must be zero-day Wednesday.
Microsoft and security researchers are investigating reports of several potentially serious bugs affecting Microsoft Office, made public just as Microsoft patched critical flaws in Windows XP, Vista and other software on Tuesday.

The new bugs appeared in several security forums on Monday, and were reported by security firms such as McAfee’s Avert Labs on Tuesday.

“This is yet another time that zero-day flaws have been published around a Patch Tuesday, possibly to maximize the public’s exposure to these flaws until the next month’s Patch Tuesday,” wrote McAfee researcher Karthik Raman on Tuesday.

Raman said all but one of the Office flaws resulted in shutting down the application, but one heap-overflow flaw could be exploited to execute malicious code.

Microsoft said in a statement that it is investigating the reports, but isn’t aware of any active exploitation. Microsoft and security firms both kept quiet on details of the flaws, citing the need to protect customers.

Related posts

• Microsoft swats critical bugs (0)
• Microsoft denies Office flaw reports (0)
• Zune receives a scathing review from the Chicago Sun-Times (0)
• ZUI and the Skype PKI (0)
• ZIP then, RAR now. What’s next? (0)