Microsoft said it would release three critical updates next week and one moderate update to repair flaws in Office applications and Windows as part of its monthly patch Tuesday update.
In the Microsoft advance patch notice, the software maker said the security updates plug holes in Microsoft Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows XP Professional x64 Edition, Windows Server 2003 Service Pack 1, Windows Server 2003 x64 Edition, and Windows Server 2003 with SP1 for Itanium-based Systems.
The issue is with Microsoft's Jet 4.0 Database Engine, which could be exploited by an attacker remotely to gain access to a system.
A critical flaw in Microsoft Word 2000 Service Pack 3 could be exploited by an attacker to gain access remotely.
Important updates affect Microsoft Office 2004 and 2008 for Mac, Microsoft Outlook 2007 and Microsoft Word 2002, 2003 and 2007. Also affected is Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats.
Bill Sisk, the response communication manager for the Microsoft Security Response Center (MSRC), said the advance bulletin is preliminary information, and is subject to change.
"These updates may require a restart and will be detectable using the newly released version of the Microsoft Baseline Security Analyzer," he said in the Microsoft Security Response Center Blog.
The software giant will also release an updated version of its Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center, and host a Security Bulletin Webcast so customers can ask questions about the latest fixes.Last month, Microsoft released five critical and three important vulnerabilities. The critical flaws left users open to remote code executions, and affected Office Project, Windows vis-à-vis Graphics Device Interface (GDI), VBScript and JScript scripting engines, and Internet Explorer.