No security patches for March

Microsoft has stated that it will not be issuing any security patches this month.

The company usually issues security updates for vulnerabilities in its operating systems and other software on the second Tuesday of each month. However, the only updates it will be distributing are for an anti-malware program and six performance-related updates for other applications.

"For the month of March 2007, we will not be releasing any new security updates on March 13, 2007. We will though be making our regular monthly update to the Microsoft Windows Malicious Software Removal Tool," said Christopher Budd on Microsoft's security response center blog.

It seems, though, that a vulnerability in Word, discovered the day after the last round of security patches was released and also reported on the blog, will be left unpatched.

According to security firm Secunia, who has given the flaw an 'extremely critical' rating, "the vulnerability is caused due to an unspecified error when parsing Word documents and can be exploited to cause memory corruption."

This essentially means that an attacker could take control of an infected PC remotely to use as a spam-generating machine, for example, without the user's knowledge.

http://www.microsoft.com/security/

More news via RSS Post item to Del.icio.us Post item to Digg.com