Microsoft says it will release three security updates on Patch Tuesday next week, fixing 11 vulnerabilities in Microsoft Office and its Unified Access Gateway virtual private networking software.
One of the bulletins has a "critical" severity rating and the other two are rated "important," Microsoft said today in a Microsoft Security Response Center blog post.
In addition to Microsoft Forefront Unified Access Gateway, affected software includes Office XP Service Pack 3, Office 2003 Service Pack 3, Office 2007 Service Pack 2, Office for Mac 2011, and the 32-bit and 64-bit editions of Office 2010, according to the advisory.
The company, meanwhile, was mum on the time frame for a patch to fix a zero-day hole in Internet Explorer 6, IE 7, and IE 8 that has been used in targeted attacks disclosed yesterday. In the incidents, attackers sent e-mails to specific employees within organizations luring them to a Web site where exploit code targeting IE 6 and IE 7 was hidden. The attack is designed to drop a back door on vulnerable systems, which could allow an attacker to take control of the computer.