Original URL: http://www.channelregister.co.uk/2009/03/06/march_patch_tuesday_pre_alert/
March patch Tuesday omits Excel fix
Zero-day, nada relief
Posted in Software & Security, 6th March 2009 10:21 GMT
Free whitepaper – Solid State Drives and High-Speed Memory
Microsoft forthcoming patch Tuesday will bring no relief from an unpatched Excel flaw that's the target of active malware attacks.
The March edition of Black Tuesday promises [1] three updates, one of which Redmond classifies as critical because it poses a code execution risk. The other two flaws involve spoofing risks and are assigned to the "important" category.
As usual, Microsoft's pre-release is thin on specifics - understandably it doesn't want to give hackers too many clues - but we do know all four cover Windows. All supported version of Windows, including Vista, will need patching.
An unpatched vulnerability in Excel has been the target [2] of hacking attacks since late last month. A patch to defend against the underlying vulnerability would fall into the Office category, so we know it won't arrive next Tuesday and is therefore highly unlikely to appear until April. ®