A flaw in
Microsoft Word ranks among the top security problems addressed by December's Patch Tuesday fixes, closing a hole that allows remotely executing malicious code on targeted machines regardless of whether users open the infected file. The bulletin is one of five marked critical by Microsoft in its advanced notification about vulnerabilities this month, and several security experts say the Word vulnerability is the top priority.
"In this case we assume the 'critical' rating comes from Outlook, which can be configured to use Word to visualize documents in its preview pane," says Qualys CTO Wolfgang Kandek. "This is an automatic mechanism that does not require user interaction. In any case, this will be an important bulletin to watch out for."
