Microsoft has nine security bulletins planned for the Aug. 11 Patch Tuesday release, including one addressing a critical vulnerability Microsoft warned was under attack.
Tucked in among the five critical bulletins Microsoft will release is a patch for a vulnerability in Microsoft Office Web Components the company said in July could be exploited to take control of a vulnerable system. The bug lies in the Spreadsheet ActiveX control. According to Microsoft, when the ActiveX control is used in Internet Explorer, the control can corrupt the system state and allow an attacker to run arbitrary code.
The bulletin covering that issue affects Microsoft Office, Microsoft Visual Studio, ISA Server and BizTalk Server. The other four critical bulletins are focused on Microsoft Windows, with one additionally affecting Windows Client for Mac.
The remaining bulletins are rated "important" and deal with security bugs in Windows. Two of them cover privilege escalation; the others deal with remote code execution and denial-of-service issues.
The patches will be released Aug. 11.