This is usually not a good sign when articles are being published about vulnerabilities that remain unpatched. While I feel it is important to notify the readers here about these live vulnerabilities, it also allows hackers and the like to learn about them as well. This in turn will probably lead to the development of publicly available user-friendly tools that will exploit these vulnerabilities. Then again, it also spreads the word to security groups so they can try and come up with a patch if Microsoft is not available to do in proper time.

An exploit for Microsoft Word appeared on the vulnerability research site Milw0rm earlier this week, leaving the software giant with a total of three still-unpatched vulnerabilities to fix.

A text file that accompanied the exploit described it as a two-stage proof-of-concept Word document. Security firms Symantec–the owner of SecurityFocus–and McAfee both confirmed the exploitability of the security bug, with McAfee noting that the issue appears to match a trend of publishing flaw information near Microsoft’s Tuesday release of software updates.

“Although one could argue that the December 12 release of a new Microsoft flaw was only a coincidence, it fits the trend of the disclosure of Microsoft vulnerabilities on or just after a Patch Tuesday,” McAfee stated in its blog.[more]

Tags: Hackers, Malware, Computer Protection