Microsoft just announced the patches that they will release on Tuesday the 12th. And as we feared, the Word vulnerability disclosed earlier this week will not be fixed. Looks like we'll have to not open or save Word files from untrusted sources, or unexpectedly received from trusted sources, for another month. No one sends DOC files in e-mails anyway, right?
The dropped files we have seen used together with the Word vulnerability are detected as Trojan-Downloader.Win32.Cryptic.ec, Trojan-Downloader.Win32.Cryptic.f and Trojan-Downloader.Win32.Tiny.y.
The patches that Microsoft will release are five security patches for Windows where the highest severity rating is Critical. A patch for Visual Studio with a severity rating of Critical will also be released. In addition, 14 non-security related patches will be released.
