Microsoft Releases Information on Security Patches Prematurely
In an apparent slipup by the software giant, the bulletins that contained information to five of its security updates were published before the patches were made available. According to industry experts, this has never happened before and it is likely a case of jumping the gun.
The gaffe is unprecedented, said Andrew Storms, director of security operations at nCircle Security. "I don't remember this ever happening," said Storms."From what Microsoft had given us yesterday, none of these [bulletins] were terribly exciting or worrisome. So I see this as an embarrassment of procedure rather than a giant disclosure," Storms said.
Microsoft said that the security patches would be released on schedule this Tuesday to patch 15 vulnerabilities in Windows, Excel, SharePoint and other products in its portfolio.Two of the vulnerabilities are in Windows; five in Excel, the spreadsheet included with Office; two in non-application Office components; and six in SharePoint and associated software, such as Groove and Office Web Apps.
At least two of the 15 vulnerabilities are related to "DLL load hijacking", a term that describes a class of bugs first revealed in August 2010. Microsoft has been patching its software to fix the problem which can be exploited by tricking an application into loading a malicious file with the same name as a required dynamic link library (DLL) since November last year.
For the full report, please follow this link.