Patch Tuesday heads-up: Critical MS Office security holes

The November Patch Tuesday will feature just three bulletins with fixes for a total of 11 documented vulnerabilities.

After last month's record-breaking security patch release, Microsoft is offering a November respite.

The November Patch Tuesday will feature just three bulletins with fixes for a total of 11 documented vulnerabilities.  One of the bulletins will be rated "critical," Microsoft's highest severity rating.

According to an advance notice from Redmond, two of the bulletins will address security holes in Microsoft Office, the widely deployed desktop productivity suite.

follow Ryan Naraine on twitter

The third bulletin, rated important, will address security flaws in the Microsoft Forefront Unified Access Gateway product.

The Microsoft Office update is noteworthy because it is rare to see an Office update with a "critical rating."

Qualys CTO Wolfgang Kandek points out that most vulnerabilities on the Office suite are categorized as "Important" because they typically require user interaction to get a successful exploitation.

"Critical" here indicates a vulnerability that can be used to take control of the target machine without user interaction, such as MS10-064, where visualizing an e-mail in Outlook's preview pane was sufficient to trigger the flaw," Kandek said.

The patches are due for release around 2PM EST on November 10, 2010.