Microsoft plans to release seven security bulletins on July 11 to cover a range of critical vulnerabilities affecting Windows and Office users.
Four of the seven bulletins will include patches for flaws in the Windows operating system, while three will deal with bugs in the Microsoft Office productivity suite.
As is customary, the company is not releasing details on the vulnerabilities except to say that the updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool.
Some of the updates will require a restart.
The Microsoft Office patches are expected to include a fix for a known code execution hole in the Excel spreadsheet program.
That flaw is already being used in targeted attacks against an unidentified business interest, Microsoft confirmed.
The Excel attack includes the use of Trojan horse program called Trojan.Mdropper.J that arrives as an Excel spreadsheet with the file name “okN.xls.”
When the Trojan is executed, it exploits the Excel flaw to drop and execute a second piece of malware called Downloader.Booli.A. It then closes Microsoft Excel.
The MSRC (Microsoft Security Response Center) has already acknowledged a second bug that uses embedded hyperlinks in Excel documents to exploit a Windows vulnerability. Detailed exploit code for that vulnerability has been released on the Internet.