Critical vulnerabilities in Microsoft Office star in the latest edition of Microsoft's Patch Tuesday updates.

All told, Microsoft has released six critical patches and five patches described as important, addressing a total of 26 underlying vulnerabilities. All six critical updates address code injection risks involving Access, Excel, Microsoft Office and Internet Explorer.

Two of the patches (MS08-041 and MS08-042) cover vulnerabilities which had already been actively exploited by hackers, according to net security firm McAfee. Opening a rigged image or Office file as well as drive-by download attacks are all possible exploit scenarios for these flaws, which cover bugs in the ActiveX Control of Snapshot Viewer for Microsoft Access and a flaw in Word. Microsoft, for reasons best known to its security gnomes, rates the Word flaw only as "important" rather than critical.

McAfee reckons that updates that fix image processing flaws (MS08-044) and a cumulative update for Internet Explorer (MS08-045) are also likely targets for attacks and ought to receive prompt triage by sysadmins.

The Internet Storm Centre has published a useful overview of the updates here. Microsoft's summary can be found here.

Microsoft originally planned to publish twelve bulletins on Tuesday because of a "last minute quality issue", a posting on Microsoft's Security Response Centre Blog explains. ®

Related stories

• Microsoft, Apple trumpet bevy of critical vulns (10 October 2008)
• Black hats target Windows Media Encoder bug (16 September 2008)
• Microsoft delivers four critical updates (9 September 2008)
• MS preps four critical updates for September (5 September 2008)
• Microsoft ramps up vuln ActiveX controls cull (15 August 2008)
• MS preps 12 fixes for August Patch Tuesday (8 August 2008)
• Black hats attack gaping DNS hole (31 July 2008)
• Zero day Word flaw exploited by Trojan (9 July 2008)
• Updated MS DNS patch snuffs net connection for ZoneAlarm users (9 July 2008)
• MS issues eleventh hour Snapshot bug workaround (8 July 2008)