Microsoft plans to release four security bulletins March 11 to cover a number of remote code execution vulnerabilities affecting the Microsoft Office productivity suite.
All four bulletins will be rated “critical,” Microsoft’s highest severity rating.
According to the software vendor’s advance notice mechanism, three of the high-priority bulletins will cover holes in Microsoft Office while the fourth will deal with issues in Microsoft Office Web Components.
Affected software includes Microsoft Office 2000, Microsoft Office XP, Microsoft Office 2003, Microsoft Excel, Microsoft Office Outlook and Microsoft Office for Mac.
It is likely that this batch of patches will finally provide cover for well-known-and already exploited-vulnerabilities in Microsoft Excel.
On Jan. 15, Microsoft shipped a pre-patch advisory to warn of limited, targeted attacks exploiting a zero-day bug in Microsoft Office Excel 2003 Service Pack 2, Microsoft Office Excel Viewer 2003, Microsoft Office Excel 2002, Microsoft Office Excel 2000 and Microsoft Excel 2004 for Mac.
“At this time, our initial investigation indicates that customers who are using Microsoft Office Excel 2007 or Microsoft Excel 2008 for Mac, or who have installed Microsoft Office Excel 2003 Service Pack 3, are not affected by this vulnerability,” Microsoft said.
With this patch batch, the bulletin count for 2008 stands at 17.