Microsoft no-security-patch statement gives cybercrooks more time
In an unpopular move, Microsoft is not planning to release any security updates on Tuesday, despite the fact that the company has already confirmed the existence of at least one Word zero-day exploit, giving cybercrooks more time to exploit known security vulnerabilities.
While there will be no security updates, this does not mean Microsoft is not working on some fixes.
“Microsoft continues to investigate potential and existing vulnerabilities in an effort to help protect our customers,” a company spokesman told InfoWorld. “Creating security updates that effectively and comprehensively fix vulnerabilities is an extensive process involving a series of sequential steps. All updates need to meet testing standards in order to be released. This ensures that our customers can confidently install these updates in their environment.”
Microsoft is currently working on patches for known vulnerabilities in Internet Explorer 7, Office 2007’s Publisher 2007 and Windows Vista OS, but they are not ready for release at the moment, a spokesman from Microsoft’s public relations firm told IDG News Service.
Instead of patches, Microsoft announced that it will release six non-security, high-priority updates for Windows Updates. Two of the six updates will be for Windows Update and Software Update Services, or SUS. The other four updates will be for Microsoft Update and Windows Server Update Services, or WSUS.
Microsoft also will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.
There are five known zero-day holes in Microsoft products, according to eEye Digital Security. Microsoft has warned that a bug in Word is being exploited in attacks. The company has said it is working on a fix.
This lack of security updates means only one thing: cybercrooks now have more time to exploit known security vulnerabilities.

