MS Patch Tuesday heads-up: Critical flaws in Windows, Office

Microsoft has announced plans to ship three security bulletins this month to cover at least four serious vulnerabilities in all supported versions of the Windows operating system.

According to an advance notice from Redmond, one of the bulletins will be rated "critical" while the rest will carry an "important" rating.  All three bulletins cover issues that could lead to remote code execution attacks, Microsoft said.

Affected software includes the Windows OS, Microsoft Office and Microsoft Groove 2007.

It is not yet clear if this Patch Tuesday batch of updates will include fixes for the recent Windows BROWSER protocol vulnerability that was publicly discussed in February.

Microsoft last week quietly shipped an update to fix a security flaw in the in the Microsoft Malware Protection Engine.   This engine powers Microsoft's range of anti-malware and security products (Forefront, Live OneCare, Security Essentials, etc.)

From an advisory issued last week:

Microsoft is releasing this security advisory to help ensure customers are aware that an update to the Microsoft Malware Protection Engine also addresses a security vulnerability reported to Microsoft. The update addresses a privately reported vulnerability that could allow elevation of privilege if the Microsoft Malware Protection Engine scans a system after an attacker with valid logon credentials has created a specially crafted registry key. An attacker who successfully exploited the vulnerability could gain the same user rights as the LocalSystem account. The vulnerability could not be exploited by anonymous users.

Since the Microsoft Malware Protection Engine is a part of several Microsoft anti-malware products, the company said the the update was installed along with the updated malware definitions for the affected products.