"
Denial of service is clearly not as critical as other recent issues,"
McAfee Avert Labs researcher Craig Schmugar said in a Friday blog post. "Looks like this targeted attack was flawed."
Still, with the latest bug, the total number of
unpatched Word vulnerabilities has reached at least five. And on Feb. 2, Microsoft reported a
zero-day exploit targeting Excel but potentially affecting other Office components.
This high number of outstanding flaws may change with today’s scheduled monthly
security update, in which the software giant is expected to release a record dozen fixes, including two critical Office patches.
Many security experts have predicted Microsoft would release
out-of-cycle fixes for the Word flaws since December. But Microsoft, which has only ever released two
out-of-band patches, has held off.
Click here to email reporter Dan Kaplan.