Microsoft has just announced on its official website that a total of 20 vulnerabilities will be patched next week, as the company will release a pack of seven security updates.The affected products are Office, SharePoint Server, SQL Server and the Windows operating system, with one update marked as “critical”. Microsoft hasn’t provided too many details on this, but the critical update will fix some unmentioned bugs in all Office versions on Windows.
The other six updates are flagged as “important” and may allow remote code execution, Microsoft said in the security bulletin advance notification for October 2012.
The Office fixes may not require a restart, but all updates aimed at the Windows operating system will ask the user to reboot the machine.
Security experts however say that the critical Microsoft Office vulnerability may affect the file formats used by Office 2007 and Office 2010, ComputerWorld reports.
“It's not only the one critical [update]. It's also critical in Word 2007 and Word 2010, but only important in Office 2003,” Andrew Storms, director of security operations at nCircle Security, told the aforementioned source. “We haven't seen a good critical Word bug in a while, and as I've said before, the newer [versions] should be more secure. That's not the case here.”
As always, all these fixes will be delivered by Microsoft via the built-in Windows Update tool, so make sure you install the available patches next week, especially if you are using the Office suite on a regular basis.
More information however will be provided in the next few days, as we get closer to the release dates of all seven updates.