engine - 12:00 pm on Jan 10, 2007 (gmt 0)

Microsoft yesterday released fixes for vulnerabilities in its Windows and Office software but left several known Word zero-day flaws without a patch. As part of its monthly patch cycle, Microsoft published four security bulletins with fixes for 10 vulnerabilities. Three of the bulletins are deemed "critical", the company's most serious rating, while the fourth is tagged "important", a notch lower. All bulletins, however, address flaws that could allow an attacker to commandeer a PC. A Microsoft representative said in a statement: "Microsoft does recommend that all customers sign up for Microsoft Update and enable its Automatic Updates functionality to receive all updates available this month and to help make their systems more secure."

Vulnerabilities Patched, But Word Zero-Day Flaws Remain [software.silicon.com]