May 4, 2012 at 6:53 PM ET
Microsoft will fix 23 security glitches in its monthly batch of patches to be released May 8. Several of the software flaws, if left unpatched, could allow an attacker to remotely compromise a vulnerable computer.
Bundled into seven bulletins, the 23 bugs affect Microsoft Office, Windows, Silverlight and the .NET framework. In its advance notification, Microsoft explained that the three "critical" bulletins, Microsoft's highest category of severity, address bugs in all four programs that could allow an attacker to execute malicious code on affected systems.
(MSNBC.com is a joint venture of Microsoft and NBC Universal.)
Marcus Carey, security researcher at Rapid7, said the first bulletin, which addresses a critical Office vulnerability exploited when attackers craft malicious files to be opened by Office applications, highlights the persistent problem of phishing scams.
"This is becoming a recurring theme for organizations and end users, because it's primed for phishing attacks," Carey told SecurityNewsDaily.
The Office flaws are also being fixed for Macs in a parallel update using Microsoft AutoUpdate for Mac.
The notorious Flashback malware for Macs has been grabbing headlines, but there's another Trojan for Macs that has been exploiting a flaw in Microsoft Office. Carey said Mac users should apply the Office patches as soon as they're available.
The remaining four Microsoft bulletins for Windows are labeled "important," and could leave vulnerable software open to remote code execution or give an attacker elevated privileges.
Microsoft will release the seven security bulletins at approximately 1 p.m. EST on May 8.