Microsoft patches eight security flaws
Microsoft uses its monthly patching day to explain why it takes so long to fix some security flaws.
Microsoft has defended the time it takes to fix known security flaws, as it released patches for eight vulnerabilities.
Of the eight patches, which are part of Microsoft's monthly update cycle, five are rated critical, two are important and the last is moderate.
The first patch fixes a critical flaw in Excel, which has already been publicly exploited, Microsoft researchers said in their security blog. The second patch solves another already-exploited flaw in Word Pad and Office.
The other critical fixes are for Internet Explorer, Windows HTTP Services and DirectX. The two important bulletins fix a token kidnapping flaw in Windows and a spoofing vulnerability in ISA Server. The last, least serious flaw being patched is an elevation of privilege issue in SearchPoint.
On it's blog, the Microsoft security team noted that five of the vulnerabilities were previously made public some as early as April of last year. The team wrote that Microsoft sometimes takes a while to issue a security update because they want to make sure the vulnerability is fully addressed and compatible with third party software.
"I will say that we will do the right thing for our customers; we will dig deeper; we will hold a low quality update; and we will release an update when it is ready for broad distribution; no sooner or no later," the post said.
More details on the security patches are available here.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.