No patch for Word flaw in new Security Update
Microsoft fixes IE, Outlook, Windows Media Player holes
Microsoft 's last Security Update of the year issued patches for critical security holes in three Microsoft products, but nowhere to be seen was a patch for the latest Word vulnerability.
Released yesterday, the latest Microsoft Security Update features patches for security holes in Visual Studio 2005, Internet Explorer and Windows Media Player. In total, seven patches for 11 bugs are included in the update.
The Update did not include patches for the critical Word vulnerabilities that have become known recently.
The Internet Explorer update concerns versions 5.01 and 6, and patches four different vulnerabilities.
The Visual Studio problem affects the WMI Object Broker function and can lead to malicious code infecting the computer so that an unauthorised user can take over control of the computer.
Besides the critical problems, Microsoft also issued patches for other vulnerabilities in Outlook Express, Remote Installation Service, and Windows.
'Very limited, targeted attacks', says Microsoft
On its blog, Microsoft confirms the vulnerabilities, and that malicious code taking advantages of these security holes exists. The software giant is keen to stress that it involves 'very limited, targeted attacks'.
Get daily insight, inspiration and deals in your inbox
Sign up for breaking news, reviews, opinion, top tech deals, and more.
"When we talk about "very limited, targeted attacks" we specifically mean this in contrast to attacks that affect a broad number of customers randomly. Unlike these broad, random attacks, these very limited, targeted attacks are carried out against a very small number of customers (sometimes only one or two even) and are carried out in a very deliberate fashion against a specific organisation or organisations," writes Christopher Budd on the Microsoft Security Response Center blog .
The Security Updates can be downloaded via Windows Update, Microsoft Update, Windows Server Update Services and Download Center.
The next instalment of Microsoft's Security Update is due on 9 January, 2007. Anna Lagerkvist
Tech.co.uk was the former name of TechRadar.com. Its staff were at the forefront of the digital publishing revolution, and spearheaded the move to bring consumer technology journalism to its natural home – online. Many of the current TechRadar staff started life a Tech.co.uk staff writer, covering everything from the emerging smartphone market to the evolving market of personal computers. Think of it as the building blocks of the TechRadar you love today.