The software giant is slated to release two "critical" security bulletins affecting vulnerabilities in Microsoft Office, according to the company’s advanced notification bulletin issued Thursday.
At least five zero-day vulnerabilities exist in the popular application, four in Word and one in Excel. Three of the Word flaws were discovered in December, and Microsoft has confirmed that at least two of them have been exploited in limited and targeted attacks.
Many security researchers expected Microsoft to already have patched the vulnerabilities, either in January’s security update or with an out-of-cycle fix.
Meanwhile, a fourth Word bug came to light in late January and now is being used in limited attacks. And last Friday, the company reported zero-day exploits targeting a flaw in Excel.
Tuesday’s security update also is expected to include five fixes for Windows flaws, with at least one being critical. Interestingly, there also are patches planned for flaws in Windows Live OneCare, Microsoft Antigen, Windows Defender and ForeFront — programs designed to safeguard users from malware.
Additionally, Microsoft plans to correct vulnerabilities in the Step-by-Step Interactive Training application and Microsoft Data Access Components technology.
The dozen fixes ties the number released last August. The large dose may be related to last-minute plans by Microsoft to scrap four fixes from the January release.
Click here to email reporter Dan Kaplan.
Microsoft plans a dozen fixes for February Patch Tuesday
By Dan Kaplan on Feb 9, 2007 7:30PM