Microsoft plans to release eight updates next week, including a likely fix for an Excel bug that has been used by cybercriminals.
Five of the fixes are for Windows, with a single update each for Internet Explorer, Excel and Microsoft's Internet Security and Acceleration (ISA) Server.
The Excel update is noteworthy because Microsoft's spreadsheet software has recently been used in a small number of targeted attacks. By tricking users into opening a specially crafted Excel file, criminals can install their malicious software on a victim's machine, Microsoft said. The software vendor has not said for certain whether it will patch this particular Excel flaw, but it seems likely.
Microsoft has also warned of a similar flaw in its PowerPoint software that is likewise being used in attacks, but no PowerPoint updates are currently scheduled.
"We were hoping to see an update to handle the PowerPoint .pps exploit seeing as this is the hottest Office issue running wild, but from what we can tell at this point, the issue won't be addressed this month," security vendor Lumension said.
Microsoft rates the IE and Excel fixes as critical, along with three of the Windows updates, meaning a hacker could take advantage of the flaws they patch to run unauthorised software on a PC. The ISA patch is rated important; an attacker could use this bug to crash a system. And the other two Windows flaws could be used to elevate privileges to gain access to unauthorised resources on the PC, Microsoft said.