Microsoft slates four patches for next week

All updates related to Office, and rated critical

Microsoft said that it will release four security updates next week to patch every supported version of the company's Office business suite. All four updates will be labelled "critical," the company's highest threat ranking.

The number of security bulletins Microsoft plans to issue on Tuesday, March 11, is substantially below last month's 11, but the Office-only nature of the updates is unusual, according to one security expert. "It's extremely rare," said Andrew Storms, director of security operations at nCircle Network Security. "This is the first time I've seen this, where not only are all the bulletins related to Office, but all are marked critical."

Microsoft's slate will patch Office 2000, Office XP, Office 2003, Office 2007, Office 2004 for Mac and Office 2008 for Mac, said the prepatch notice posted to the company's Web site this morning.

"But Office vulnerabilities aren't so rare that we shouldn't have expected something like this," said Storms. "Office has continued to play a pretty big role in Microsoft's security bulletins." Last month, in fact, four of the 11 updates plugged holes in the suite's applications.

Storms hesitated to guess at what vulnerabilities might be behind each update. "It's too early to tell if these involve publicly-known vulnerabilities. There's not enough information here." Still, some of the expected updates caught his eye.

Tagged Thursday in the prepatch notification as "Bulletin 2," one of the updates will repair Outlook, the suite's e-mail client. Judged "critical" by Microsoft, the fix will affect all currently-supported versions of Outlook, including Outlook 2007. "I was quite flabbergasted to see [the critical ranking on] Outlook 2007," said Storms. "That's bucking the trend, seeing something critical across the board."

Most Office updates slap a critical label on the oldest version of the bundle, Office 2000, but use less dire ratings on newer versions, thanks to Microsoft's work securing the applications -- notably their file formats. In the case of Outlook, however, the bug is pegged critical in all still-supported editions, from Outlook 2000 to Outlook 2007.

"That means it's probably not a format parsing problem," said Storms, referring to frequently-found vulnerabilities in Office's file formats, which attackers continue to leverage. "It looks to me like it's a problem more inherent to Outlook [itself], something deeper in the code."

Of the other three bulletins planned for next week, one appears to be a patch for an Excel file format flaw, a second also relates to the spreadsheet application, while the third deals with a bug in Office Web Components -- controls that let users publish spreadsheets, charts and databases to the Web, then view that content once it's published.

Missing from the March line-up, however, is a critical update that was dropped from the February list. None of the descriptions in Thursday's notice matched the bulletin addressing VBScript and JScript issues that Microsoft yanked at the last minute last month.

Microsoft will release the four updates next Tuesday around 1 p.m. Eastern time. It will also deliver three high-priority, non-security updates at the same time, the company said.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gregg Keizer

Computerworld
Show Comments

Cool Tech

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Breitling Superocean Heritage Chronographe 44

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?