March patch Tuesday omits Excel fix
Zero-day, nada relief
Microsoft forthcoming patch Tuesday will bring no relief from an unpatched Excel flaw that's the target of active malware attacks.
The March edition of Black Tuesday promises three updates, one of which Redmond classifies as critical because it poses a code execution risk. The other two flaws involve spoofing risks and are assigned to the "important" category.
As usual, Microsoft's pre-release is thin on specifics - understandably it doesn't want to give hackers too many clues - but we do know all four cover Windows. All supported version of Windows, including Vista, will need patching.
An unpatched vulnerability in Excel has been the target of hacking attacks since late last month. A patch to defend against the underlying vulnerability would fall into the Office category, so we know it won't arrive next Tuesday and is therefore highly unlikely to appear until April. ®