Another update will patch one or more vulnerabilities in Excel 2002, 2003 and 2007 on Windows, and Excel 2004 and 2008 on the Mac. Excel 2010, the spreadsheet included in the just-released-to-businesses Office 2010 suite, does not contain the bug and will not need a patch, confirmed Jerry Bryant, a general manager with the Microsoft Security Response Center (MSRC), in an e-mail today. Other updates will close out a pair of flaws that Microsoft confirmed in two earlier security advisories. The oldest warning was issued in February, and noted that hackers could exploit IE on Windows XP to read every file on a victim's PC. That fix will presumably be one of several included in the IE update.
Microsoft will also patch a problem in SharePoint Server 2007 that it publicized in April. The zero-day bug could be used by attackers to steal companies' confidential information.
NCircle's Storms said another update to watch is the one Microsoft identified today only as Bulletin 3; the update will affect all versions of Windows, but was rated critical for Windows 2000, XP, Vista and Windows 7. The server-side operating systems, however, were ranked as "moderate."
"That tells me it's something on the client side," said Storms. "It's critical, and should be patched as fast as Internet Explorer next week."
Tuesday's updates will be the second-to-last for Windows 2000 and Windows XP Service Pack 2 (SP2), both which will be retired from security support in mid-July.
Microsoft will release the 10 updates at approximately 1 p.m. ET on June 8.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, or subscribe to Gregg's RSS feed. His email address is email@example.com.
Read more about malware and vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.