Tech Shout!

On Thursday, Redmond-based Microsoft announced that it has plans to release 7 security bulletins as part of its Patch Tuesday initiative. Four of the updates are for Windows, with the most severe being rated as “critical”. Three other patches are directed at Office, also with a maximum severity of “critical.”

Though Microsoft has not yet revealed or given any details on which flaws are to be fixed, the two vulnerabilities in Excel are likely to be patched. One issue is concerned with maliciously designed spreadsheet files that could lead to a full system compromise, while the other relates to hyperlinks in Excel documents.

Two security flaws affecting Internet Explorer were also reported last week, including a cross-site scripting issue where an attacker could view information in an open browser window from another that is visiting a malicious site.

A second more serious flaw involves how HTA applications are handled. A user could be deceived into opening a malicious file, which in turn could execute code. The file would need to be accessed through SMB or WebDAV in order for the issue to be exploited.

Last week Microsoft said that it was examining the issues, but it’s vague whether the company has had time to develop and properly test a fix.

Along with the 7 security patches, Microsoft will release one high-priority non-security update that is not for Windows. Per usual, the software giant will also deliver an update to its Malicious Software Removal Tool on Tuesday.