Word 0-day Exploit Not Addressed for Next Patch Tuesday
A few days ago, we posted about the latest Word 0-day exploit. Microsoft has announced the vulnerabilities that will be addressed for the next Patch Tuesday. The vulnerability being exploited in the most recent Word 0-day is not among them.
Why is this? Microsoft stated that this particular exploit is "limited", since a user would have to open the malicious Word document in order for the attack to be successful. However, Microsoft then advises the user not to open Word documents that arrive unexpectedly. This is obviously not an optimal solution to the problem.
What makes this type of attack serious is that it cannot simply be blocked by a firewall, for instance, so it easily flies under the detection radar. Furthermore, the bad guys could easily make the malicious document look legitimate. Most users will open a Word document that appears to be from someone they know without thinking twice about it. The fact that Microsoft has not made fixing this vulnerability a priority is somewhat surprising, and it will be interesting to see how long this vulnerability remains unpatched.
