Twelve security bulletins are due Tuesday from Microsoft, and among them is expected to be a fix for a zero-day vulnerability in Microsoft Word and a cumulative patch for Internet Explorer.
On its TechNet site, the Redmond, Wash.-based vendor said Thursday it will release nine bulletins affecting Windows, two for Office products and one for Exchange; several will be rated critical.
The advance notification did not offer detail on specific patches, but quietly confirmed that the June release will include a cumulative update for IE. That's because one of the bulletins will terminate support for a temporary compatibility patch released along with Microsoft Security Bulletin MS06-013, which addressed the widely publicized createTextRange flaw.
Because the primary MS06-013 bulletin implemented a change in ActiveX behavior in IE, Microsoft offered customers the option of instead deploying a separate update that mitigated the createTextRange issues without dramatically affecting ActiveX.
"This optional update is only intended to allow customers additional time to test and redesign Web pages and other software that may have been affected by the IE ActiveX update," said Christopher Budd, security program manager with Microsoft in his April Inside MSRC column for SearchSecurity.com. "This is a temporary update that will expire with the next Internet Explorer cumulative update."
Microsoft did not address any issues with IE among its three security updates in May, which patched flaws in Windows and Exchange Server. Some expected Microsoft to address three IE flaws that surfaced in late April, but those apparently will be addressed in Tuesday's cumulative patch.
The trio of known unpatched IE problems includes: a race condition that appears when security dialogs are displayed and processed; an origin validation error that appears when "mhtml:" URL redirections are handled; and an error in how certain sequences of nested "object" HTML tags are processed.
Among June's Microsoft Office updates is expected to be a patch for Microsoft Word. The software giant confirmed May 23 that a previously unknown flaw in its Word application is being exploited in the wild.
Since then, Cupertino, Calif.-based antivirus giant Symantec Corp. has maintained a higher-than-normal ThreatCon level of 2 (on a scale of 4). The exploit, known as Trojan.Mdropper.H, arrives as a Word document attached to an e-mail. Once a victim opens the document, it opens a backdoor for attackers to exploit the system using a previously unknown vulnerability.
A few weeks ago, Microsoft said it was completing a bulletin that would address the Word vulnerability.
In the interim, the vendor suggested customers only use Word in safe mode, and provided the following guidelines for using Office documents in safe mode:
- Don't open Word files that are embedded in other applications, such as Excel, PowerPoint or others.
- Even after the workarounds are applied, refrain from opening Word files directly from any mail clients (Outlook or Hotmail, for example) by double-clicking them. Users should save Word documents to a disk or on the desktop and use the "Word Safe Mode" shortcut.
- Don't open .doc files from a Web site through Internet Explorer or any other browser.
- If customers don't see "safe mode" in the Word title bar, they are not running Word in safe mode.
Customers should use Word Viewer 2003 to open and view files. The free Word Viewer 2003 does not contain the vulnerable code and is not susceptible to the current exploit.
Per usual, Microsoft will also update its malicious software removal tool and host a live Webcast Wednesday 2 p.m., ET giving customers the opportunity to ask specific questions about the updates.
Microsoft will also release one non-security, high-priority update for Windows though its Windows Update (WU) and Software Update Services (SUS). It will also offer up a pair of non-security, high-priority updates via Microsoft Update (MU) and Windows Server Update Services (WSUS). The company didn't say what those updates will address.
This article originally appeared on SearchSecurity.com.