Microsoft targets Office with four patches next Tuesday

• Article
• Gallery

gallery

Microsoft said late yesterday it was readying four patches for every supported version of the company's Office business suite next week.

The patches have been given the company's highest 'critical' security rating in its 'Patch Tuesday' preview notice, addressing vulnerabilities in Office 2000, Office XP, Office 2003, Office 2007, Office 2004 for Mac and Office 2008 for Mac.

It is the first time the software vendor has released a set of bulletins related to Office that are all rated critical. But it was also the target of four out of the eleven updates from last month's bumper set of patches.

Microsoft is traditionally very guarded about releasing vulnerability details before the monthly patch cycle and security analysts have been reluctant to speculate over which Office flaws may be behind each update or whether they are already publicly known.

From the notice, it is known that one of the updates affects all currently supported versions of the Office email client, Outlook. Andrew Storms, director of security operations at nCircle Network Security said in a blog that this probably rules out a format parsing problem with Office file formats, which have proved an ongoing fertile source of vulnerabilities for malware writers.

"It looks to me like it's a problem more inherent to Outlook [itself], something deeper in the code," he said.

The other three deal with flaws in the ActiveX controls Microsoft Office Web Components 2000 used for publishing Office 2000 documents on the web, an Excel file format and the Office spreadsheet application.

Microsoft also said it would issue three high priority, non-security related updates with the critical patches at 1 pm Eastern US time (6pm GMT), next Tuesday 11 March.

Email to a friend

Print this page