Microsoft to issue critical patch for Office on May 12

xan K · 07 May 2009

thanks for the heads up.

bodmas · 08 May 2009

It has not passed a week when sp2 of office 2007 has been released and now they have found that there is still vulnerability in it.

mxosder16 · 08 May 2009

It has not passed a week when sp2 of office 2007 has been released and now they have found that there is still vulnerability in it.

they're just focused on making 7 awesome

but at least they're fixing it

jfar · 08 May 2009

They can send me as many patches as they like,as long as everything runs smoothly.

Barman58 · 08 May 2009

The whole vulnerability/ patch / vulnerability / patch cycle is a game played between the Black and White hat camps of PC security.

I don't know how many lines of code are in SP2 but you have to expect something to be missed - be nice if it wasn't but we live in the real world.

I find it slightly reassuring that MS is releasing this patch out of sequence - it proves they are not sitting on their laurels, but are continuing to work at security.

And MS do react quicker than some

Dwarf · 08 May 2009

This battle is an ongoing one, and it's one that neither side will truly win.

Vulnerabilities exist in all OSes and in all applications - it's only a matter of time before some unsavoury character manages to find a way to exploit them.

Whilst patches fill the holes that the exploits uncover, more vulnerabilities are being discovered and exploited every day, some of which are annoying yet relatively harmless and some which threaten the security of our files and data.

The only way in which a system can be made totally safe is to isolate it completely from any possible threats and, since this would mean disconnecting it from the Internet, this is impractical for the vast majority of people who rely on it as part of their everyday lives, be it work and/or leisure.

Since this is not a practical option, we have to accept that the need for correctly installed (and updated) security software is essential and that the same goes for any application that we choose to install and run.

In an ideal world, we wouldn't have to worry about this, but it is not an ideal world. It only takes one rogue user to find and make use of an exploit and then all users of that application are potentially at risk from this exploit until they install the patch designed to fix it. By which time, of course, other vulnerabilities have been discovered and exploited. Unfortunately, in many cases, the developers of applications aren't aware of some flaws until they have been exploited. Looking through the thousands (in some cases, millions) of lines of code in an application for any flaws is a bit like looking for a needle in a haystack - a virtually impossible task.

It really is a vicious circle, to which there will be no end. The only thing that we can do is to ensure that we are fully updated with the latest patches available, both for the OS and also any applications (especially security software) that we have installed.

Win7User512 · 10 May 2009

I'm just glad they are releasing it out of cycle. At least they aren't waiting until June...

turbomcp · 10 May 2009

they are still focused on why xbox rrod thats why:)

Digger · 10 May 2009

Dwarf said:

This battle is an ongoing one, and it's one that neither side will truly win.

Vulnerabilities exist in all OSes and in all applications - it's only a matter of time before some unsavoury character manages to find a way to exploit them.

Whilst patches fill the holes that the exploits uncover, more vulnerabilities are being discovered and exploited every day, some of which are annoying yet relatively harmless and some which threaten the security of our files and data.

The only way in which a system can be made totally safe is to isolate it completely from any possible threats and, since this would mean disconnecting it from the Internet, this is impractical for the vast majority of people who rely on it as part of their everyday lives, be it work and/or leisure.

Since this is not a practical option, we have to accept that the need for correctly installed (and updated) security software is essential and that the same goes for any application that we choose to install and run.

In an ideal world, we wouldn't have to worry about this, but it is not an ideal world. It only takes one rogue user to find and make use of an exploit and then all users of that application are potentially at risk from this exploit until they install the patch designed to fix it. By which time, of course, other vulnerabilities have been discovered and exploited. Unfortunately, in many cases, the developers of applications aren't aware of some flaws until they have been exploited. Looking through the thousands (in some cases, millions) of lines of code in an application for any flaws is a bit like looking for a needle in a haystack - a virtually impossible task.

It really is a vicious circle, to which there will be no end. The only thing that we can do is to ensure that we are fully updated with the latest patches available, both for the OS and also any applications (especially security software) that we have installed.

hehe, took the thoughts right outta my head