Summary: Two “critical” security vulnerabilities are found in Office 2010, but there is no disclosure
The first known Office 2010 flaw was mentioned here a few days ago, and Microsoft’s habit of secretly patching vulnerabilities (fixing them without telling anyone) was covered here several weeks ago. Microsoft admitted doing this, with this important admission finally arriving in May. Now, watch this new report:
Following on from full disclosure, Microsoft now has a new disclosure variant to contend with – no disclosure. French security services provider VUPEN claims to have discovered two critical security vulnerabilities in the recently released Office 2010 – but has passed information on the vulnerabilities and advice on mitigation to its own customers only. For now, the company does not intend to fill Microsoft in on the details, as they consider the quid pro quo – a mention in the credits in the security bulletin – inadequate.
Why would anyone pay hundreds of dollars for a piece of software which Amazon rated just 2/5 for lack of novelty and other reasons? There isn’t even adherence to international standards [1, 2, 3, 4, 5, 6, 7]. It’s just fake hype [1, 2] to which Microsoft has allocated nearly a tenth of a billion (in marketing alone). OpenOffice.org 3.3 is already in the works and it makes code, not marketing. Amazon has it rated 5/5 (compared to 2/5 for Microsoft Office 2010). █