Microsoft is readying four "critical" security patches for next week. While it's a far cry from last month's 11 patches, IT shops will be busy nonetheless.What's interesting about this month's batch of patches is that they're all aimed at fixing flaws in various versions of Microsoft Office. This includes Office 2000, XP, 2003, Office 2007, as well as Office 2004 and 2008 for Mac.
Because this is a pre-patch release notice, Microsoft doesn't provide any details as to the technical nature of the security holes. But if I was forced to bet, I'd say many of the flaws will probably involve how Office handles file formats.
What's also interesting is while many of the patches are rated as critical for older versions of office, they're rated only as "important" for more recent versions. This could indicate that some of the security efforts the software maker has put into place for its applications are starting to mitigate the severity of security problems once they surface.
The only application that has been cursed with a critical ranking all the way through versions 2000 through 2007 is Outlook -- which points to a problem, potentially, deep within the application.
It'll be a hassle pushing these updates out to nearly every end point with a Microsoft Office application installed on it. But with the trend of attackers targeting client-side vulnerabilities on the rise, it'd be a good idea to patch these pronto.
Microsoft's pre-release security bulletin is located here.