Microsoft slates four patches for next week

All updates related to Office, and rated critical

Microsoft said that it will release four security updates next week to patch every supported version of the company's Office business suite. All four updates will be labelled "critical," the company's highest threat ranking.

The number of security bulletins Microsoft plans to issue on Tuesday, March 11, is substantially below last month's 11, but the Office-only nature of the updates is unusual, according to one security expert. "It's extremely rare," said Andrew Storms, director of security operations at nCircle Network Security. "This is the first time I've seen this, where not only are all the bulletins related to Office, but all are marked critical."

Microsoft's slate will patch Office 2000, Office XP, Office 2003, Office 2007, Office 2004 for Mac and Office 2008 for Mac, said the prepatch notice posted to the company's Web site this morning.

"But Office vulnerabilities aren't so rare that we shouldn't have expected something like this," said Storms. "Office has continued to play a pretty big role in Microsoft's security bulletins." Last month, in fact, four of the 11 updates plugged holes in the suite's applications.

Storms hesitated to guess at what vulnerabilities might be behind each update. "It's too early to tell if these involve publicly-known vulnerabilities. There's not enough information here." Still, some of the expected updates caught his eye.

Tagged Thursday in the prepatch notification as "Bulletin 2," one of the updates will repair Outlook, the suite's e-mail client. Judged "critical" by Microsoft, the fix will affect all currently-supported versions of Outlook, including Outlook 2007. "I was quite flabbergasted to see [the critical ranking on] Outlook 2007," said Storms. "That's bucking the trend, seeing something critical across the board."

Most Office updates slap a critical label on the oldest version of the bundle, Office 2000, but use less dire ratings on newer versions, thanks to Microsoft's work securing the applications -- notably their file formats. In the case of Outlook, however, the bug is pegged critical in all still-supported editions, from Outlook 2000 to Outlook 2007.

"That means it's probably not a format parsing problem," said Storms, referring to frequently-found vulnerabilities in Office's file formats, which attackers continue to leverage. "It looks to me like it's a problem more inherent to Outlook [itself], something deeper in the code."

Of the other three bulletins planned for next week, one appears to be a patch for an Excel file format flaw, a second also relates to the spreadsheet application, while the third deals with a bug in Office Web Components -- controls that let users publish spreadsheets, charts and databases to the Web, then view that content once it's published.

Missing from the March line-up, however, is a critical update that was dropped from the February list. None of the descriptions in Thursday's notice matched the bulletin addressing VBScript and JScript issues that Microsoft yanked at the last minute last month.

Microsoft will release the four updates next Tuesday around 1 p.m. Eastern time. It will also deliver three high-priority, non-security updates at the same time, the company said.

Join the Good Gear Guide newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gregg Keizer

Computerworld
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Armand Abogado

HP OfficeJet 250 Mobile Printer

Wireless printing from my iPhone was also a handy feature, the whole experience was quick and seamless with no setup requirements - accessed through the default iOS printing menu options.

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?