'Critical' patch for Office coming

Two less serious updates for Windows also will be issued, making it a quiet Patch Tuesday for Microsoft next week.

Dawn Kawamoto Former Staff writer, CNET News

Dawn Kawamoto covered enterprise security and financial news relating to technology for CNET News.

Dawn Kawamoto

Sept. 8, 2006 5:03 a.m. PT

Microsoft plans to release a "critical" security update for Office next week, one of three bulletins it will distribute as part of its monthly patch cycle.

The other two updates are for Windows and are rated as "important," its second-highest ranking, the software giant said in an advisory Thursday. The brief advisory is designed to give IT administrators advance notice to prepare for the patches once they are distributed.

Further details on the flaws will be posted on Microsoft's security Web site, once the bulletins are issued Tuesday morning.

Microsoft has had its share of zero-day exploits, or malicious software released the same day a flaw is made public, in applications in Office. Earlier this week, Microsoft's Word 2000, which is part of the productivity suite, was hit with a zero-day attack that could compromise systems remotely. The vulnerability can be exploited by the user opening a malicious document.

And in June, an Excel vulnerability was the target of a zero-day attack. In that case, a system was at risk if a user opened a malicious Excel database document.