Microsoft is to issue just two patches for March, after a busy February and a series of out-of-band fixes.
The pair of patches for this month's Patch Tuesday are rated important and will fix eight vulnerabilities across Microsoft Office and Windows, including XP, Vista and 7.
"The lower criticality ratings allow IT admins more time to address these March bulletins," said Wolfgang Kandek, chief technology officer for Qualys.
"It is likely that the Office vulnerabilities should be handled first, as file format vulnerabilities in general have been on the rise in the last year and end users frequently trust open office format files such as Excel due to their business oriented, serious nature," he added.
Microsoft won't be issuing a patch for a VBscript flaw revealed on Monday. In the Microsoft security blog, communications director Jerry Bryant said the firm was continuing to "monitor the situation".
"There are no known attacks but we encourage customers to review the advisory and apply the suggested workarounds where possible," he said. "Customers that are running Windows 7, Windows Server 2008, Windows Server 2008 R2, and Windows Vista are not affected."
End of life
Bryant also said it was "extremely important" for users to upgrade from aging versions of Windows, as they will "no longer receive security updates".
From 13 July, Windows XP Service Pack 2 will no longer be supported by Microsoft. "Many customers are still on this version, so we encourage upgrading to Service Pack 3 or to Windows 7 as soon as possible," Bryant said.
From 13 April, the Vista RTM will be killed off, followed by Service Pack 1 on 12 July, 2011.
Microsoft is also set to end support for Windows 2000 on 13 July.
