Microsoft previews 12 security bulletins, 7 'critical'; Excel fix likely en route

Microsoft on Thursday issued advance notice of 12 security bulletins ahead of its February batch of patches with seven critical flaws affecting Vista, Internet Explorer and Office.

The most notable patch will likely cover that Excel zero day vulnerability that surfaced last month. Since Microsoft confirmed the Excel vulnerability and issued an advisory on Jan. 16 it's a safe bet that its patches on Feb. 12 will cover it.

In its advance notification posting, Microsoft said the seven critical bulletins all cover remote code executions vulnerabilities. These bulletins affect Windows XP and Vista, Office, Internet Explorer and Visual Basic.

Here's a breakdown by product:

• Microsoft's critical bulletins address remote code execution flaws in Microsoft Office 2004 for the Mac, Microsoft Office 2000 Service Pack 3, Microsoft Word 2000 Service Pack 3 and Microsoft Office Publisher 2002. An important bulletin was issued for Microsoft Office 2003 Service Pack 2, Microsoft Word 2002 Service Pack 3, Word 2003 Service Pack 2 and Microsoft Office 2004 for the Mac.
• Internet Explorer had a few bulletins rated critical due to remote code execution flaws. Versions affected include: IE 5.01 Service Pack (SP) 4 on Windows 2000 Service Pack 4; IE 6 SP 1 when installed on Windows 2000 SP 4; IE 6 for various flavors of XP; IE 6 for Windows Server 2003 (various flavors); IE 7 for XP, Windows Server 2003 and Vista. In a nutshell, if you have IE you'll need these upcoming patches.
• XP SP 2, Windows 2000 SP 4, Windows Server SP 1 and SP2, Windows Server 2003 x64 Edition (and any service pack) and Vista all had critical bulletins for remote code execution. There are also important denial of service bulletins for these versions of Windows too.
• Visual Basic had critical bulletins for remote code execution vulnerabilities. Versions affected include: VBScript 5.6 on Windows 2000, XP and Server 2003 (various service packs.
• Microsoft Internet Information Services 5.0, 5.1, 6.0 on Windows XP, Server 2000 and Server 2003 (including service packs) had important bulletins covering mostly elevation of privilege and remote code execution issues.
• Active Directory on Windows 2000 SP 4, XP SP2, and Server 2003 had important to moderate bulletins for denials of service flaws.