Microsoft To Patch Critical Office Flaw

Microsoft will use its monthly patch to fix a critical security hole in versions of its Microsoft Office suit that could allow attackers to run malicious code on vulnerable systems.

Microsoft will use its monthly patch to fix a critical security hole in versions of its Microsoft Office suit that could allow attackers to run malicious code on vulnerable systems.

The company announced details of its upcoming monthly patch for November on Thursday. This months patch also included bulletins regarding upcoming fixes for two other security vulnerabilities: another in the Microsoft Office suite that was rated “important,” and a third in the Forefront Unified Access Gateway that was also rated “important.”  

The relatively meager group of three bulletins is a welcome change for IT administrators still trying to dig out from October’s monthly patch, which comprised 16 bulletins and fixes for 49 separate vulnerabilities. 

The most serious vulnerability is rated “critical” for Microsoft Office 2007, Service Pack 2 and for 32 and 64 bit editions of Office 2010. It is rated “important” for Office 2003, Service Pack 3,  Office XP, Service Pack 3 and Office for Mac 2011. 

According to Microsoft’s Bulletin Severity Rating System, “critical” vulnerabilities are described as those whose exploitation could allow the propagation of an Internet worm without user interaction, while “important” holes are those in which exploitation could result in the compromise of the confidentiality, integrity or availability of users’ data or processing resources. 

A second Office vulnerability is rated “important” and effects PowerPoint 2002 Service Pack 3 and PowerPoint 2003 Service Pack 3.

The third bulletin affects Microsoft’s Forefront Unified Access Gateway 2010 Updates 1 and 2 and is rated important. 

Microsoft will release its monthly patch update on Tuesday November 9, 2010. 

Suggested articles

biggest headlines 2020

The 5 Most-Wanted Threatpost Stories of 2020

A look back at what was hot with readers — offering a snapshot of the security stories that were most top-of-mind for security professionals and consumers throughout the year.

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.