The software vendor released three sets of critical patches Tuesday, fixing nine security bugs. A fourth update fixes a flaw in Office 2003's Brazilian Portuguese Grammar Checker. Microsoft gives this flaw a less-serious rating of "important."
Hackers have been paying close attention to Microsoft's Office products over the past few months, taking advantage of unpatched bugs in PowerPoint, Word and Excel to conduct extremely targeted attacks. Typically, the attacker will send the victim an e-mail that includes a malicious Office attachment and try to entice the victim into opening the malicious message.
In early December these attacks occurred on a limited scale, exploiting unpatched vulnerabilities in Microsoft Word. Microsoft didn't issue patches for Word on Tuesday, but it did patch five flaws in Excel, which has also been a point of attack over the past few months.
The Office flaws should be a top priority for system administrators, said Chris Andrew, vice president of security technology with Patchlink. The Windows update, which fixes a critical flaw in Windows' Vector Markup Language (VML) language is also one to watch, he said.