Microsoft plans first critical Office 2010 patch

Software Imperium Microsoft said that it will  ship three security updates next week to patch 11 vulnerabilities, including the first in Office 2010 pegged “critical.”

This means that Office for Mac 2011, which only hit the streets last week,  will also be patched for the first time.

Only one of the three updates was marked critical, the highest threat ranking in Microsoft’s four-step system.

Two of the three patches applies to Office, while the third will affect Forefront Unified Access Gateway 2010, which is the Imperium’s virtual private networking platform.

The need for an Office 2010 update is surprising because it was developed using what the Imperium called its newest file formats and the newest sandboxing techniques.

Dubbed Protected View the system was applauded by security experts because it
cut Word, Excel and PowerPoint off from the rest of the computer system making such files operate in a read-only environment.

This stopped malware which has used Office documents from harming the PC or hijacking the system.

Tuesday’s update for Office 2010 will be the first critical patch for the suite since it launched in May, and only the second ever for the application bundle. Microsoft patched an important vulnerability last month with the MS10-079 update.

Missing from the list of things that will be fixed next week is a bug in Internet Explorer (IE) which is being used by hackers for drive-by attacks.

The Imperium has published a workaround for the IE vulnerability, but it might be more than a month before we see a patch. The Imperium insists that the drive by hack is not a significant threat, despite reports that it has been seen in the wild.