Another Critical MS Office Patch on Tap

With its desktop productivity suite under attack, Microsoft plans to ship a high-priority update to cover holes in Office.

Microsoft is on the verge of shipping another "critical" bulletin to cover holes in its Microsoft Office productivity suite.

The worlds largest software maker plans to include the Office bulletin in a batch of three updates in this months Patch Tuesday, according to an advance notice released Sept. 7.

In the first eight months of 2006, Microsoft has shipped patches for a whopping 24 flaws affecting all versions of Office, and the latest batch will certainly push that number much higher.

Over the last few months, attackers and flaw finders have been pounding away at Office applications, discovering new ways to attack millions of Windows machines.

/zimages/4/28571.gifCan Microsoft cope with the deluge of flaws in Office? Click here to read more.

The increased activity has also coincided with zero-day, code-execution attacks against users of Word, Excel and PowerPoint, three of the most widely used programs in the Microsoft Office product line.

The planned Office fix comes just days after confirmation from the Redmond, Wash., company that an undocumented flaw affecting Word 2000 was being exploited in zero-day malware attacks.

The company issued an official advisory on Sept. 6 urging its customers to "exercise extreme caution" when opening unsolicited attachments from both known and unknown sources.

It is not yet clear if the Word 2000 flaw will be fixed on Patch Tuesday, scheduled for Sept. 12.

The company also plans to ship two bulletins with patches to cover holes in its flagship Windows operating system. The maximum severity rating for the Windows updates is "important," Microsoft said.

As is customary, the MSRT (malicious software removal tool) will be updated with new definitions for the most virulent malware threats.

/zimages/4/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.