Microsoft to plug 11 holes in Office, VPN software

Microsoft says it will release one critical and two important security updates on Patch Tuesday next week.

Elinor Mills Former Staff Writer

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.

See full bio

Elinor Mills

Nov. 4, 2010 11:47 a.m. PT

Microsoft says it will release three security updates on Patch Tuesday next week, fixing 11 vulnerabilities in Microsoft Office and its Unified Access Gateway virtual private networking software.

One of the bulletins has a "critical" severity rating and the other two are rated "important," Microsoft said today in a Microsoft Security Response Center blog post.

In addition to Microsoft Forefront Unified Access Gateway, affected software includes Office XP Service Pack 3, Office 2003 Service Pack 3, Office 2007 Service Pack 2, Office for Mac 2011, and the 32-bit and 64-bit editions of Office 2010, according to the advisory.

The company, meanwhile, was mum on the time frame for a patch to fix a zero-day hole in Internet Explorer 6, IE 7, and IE 8 that has been used in targeted attacks disclosed yesterday. In the incidents, attackers sent e-mails to specific employees within organizations luring them to a Web site where exploit code targeting IE 6 and IE 7 was hidden. The attack is designed to drop a back door on vulnerable systems, which could allow an attacker to take control of the computer.