No fix yet for zero-day flaw in Word

Microsoft will have patches for Windows and Visual Studio on Tuesday, but apparently not for a Word flaw being used in cyberattacks.

Joris Evers Staff Writer, CNET News.com
Joris Evers covers security.
As part of its monthly patch cycle, Microsoft plans to release on Tuesday six security bulletins, at least two of them deemed "critical."

Five of the security bulletins will include fixes for vulnerabilities in Windows, Microsoft said in a notice on its Web site Thursday. The sixth bulletin will offer an update for Visual Studio, it said.

Microsoft has not scheduled a patch for Office. Earlier this week, it warned that a yet-to-be-patched security hole in multiple versions of Word--part of the Office suite--is being exploited in cyberattacks. The software maker is working on a security update, but apparently needs more time.

The company did not specify how many flaws Tuesday's updates will address or in which components of Windows the holes lie. The Visual Studio update could offer a patch for a zero-day vulnerability in the developer tools that was made public last month.

The company has tagged the security hole in the developer tool as "critical," its highest risk rating. Critical vulnerabilities typically can allow a worm to spread or allow a Windows system to be fully compromised with minor or no interaction from the person using it. However, it did not offer details on exactly what will be fixed in Visual Studio.

Also on Tuesday, Microsoft will release an updated version of its Windows Malicious Software Removal Tool. The program detects and removes common malicious code placed on computers.

Last month, the software maker delivered six security bulletins, five of which were described as critical.

Microsoft gave no further information on the upcoming bulletins, other than stating that some of the Windows fixes may require restarting the computer or server.