According to security firm Tippingpoint Security, Microsoft was notified back in 2007 of the bugs affecting the security of several activex controls for Office. Updates for the critical bugs were only released on Tuesday this week.
According to Tippingpoint Security, one of the vulnerabilities discovered in the affected activex controls has already been exploited by hackers for more than a month.
– Generally speaking, Microsoft is one of the better companies when it comes to fixing vulnerabilities quickly. In this case, however, it feels difficult to defend the long time it has taken, says Cody Pierce, security expert at Tippingpoint Security.
However, Cody Pierce defends Microsoft, stating that the bugs fixed earlier this week were very complex, and it can sometimes take years to develop an update that does not affect existing programs.
Computerworld