Microsoft plans to release two security updates Tuesday, including one critical patch for a remote code execution flaw affecting Microsoft Windows and Office.
Both vulnerabilities can be exploited by an attacker remotely to gain access to critical files, Microsoft said in its advance notification. The critical flaw is in XML Core Services and affects versions of Windows 2000, Windows XP, Windows Vista and Windows Server 2003 and 2008.
A flaw, also in XML Core Services, is rated important and affects Microsoft Office 2003 Service Pack 3, Word Viewer 2003 Service Pack 3 and Microsoft Office Compatibility Pack for Word, Excel and PowerPoint 2007 file formats.
Microsoft assigns the critical rating to flaws that can be exploited by a malware attack without user action. The important rating goes to flaws whose exploitation could result in compromise of the confidentiality, integrity or availability of users data, or of the integrity or availability of processing resources.
The software maker is also planning to release non-security, high-priority updates on Microsoft Update, Windows Update and Windows Server Update Services (WSUS).
Meanwhile, Microsoft is still monitoring malware in the wild, attempting to exploit a remote procedure call (RPC) flaw that was repaired in its MS08-067 emergency bulletin.
Christopher Budd, security program manager in the Microsoft Security Response Center, is urging customers to deploy the patch as the threat of being attacked rises.