Office flaws continue to haunt Microsoft
Published: 2007-07-11

Microsoft released a total of six updates to patch eleven security holes on Tuesday, including fixes for four vulnerabilities in the company's productivity suite, Microsoft Office.

The vulnerabilities included two issues rated Critical by Microsoft for Excel 2000. Those two flaws and a third vulnerability were rated Important for, or did not affect, other versions of the company's spreadsheet program. A fourth flaw, rated Important by Microsoft, could allow an attacker to remotely execute a program if a user of Microsoft Office Publisher 2007 opened a specially crafted file.

Vulnerability researchers and attackers have focused on Microsoft Office over the past two years. Attacks using Trojan horse programs camouflaged as Office files have targeted executives and managers in many companies and government organizations. While Microsoft has warned of attacks using Office flaws in the past, the current crop of Excel flaws is not currently being used to compromise systems, the software giant stated in its advisories.

The other seven flaws fixed by Microsoft on Tuesday include a vulnerability in the firewall of the company's latest operating system, Windows Vista, which could allow IPv6 traffic to be used to gather sensitive information about the machine. Three flaws -- including two issues rated Critical -- affect Microsoft's .NET framework, another two issues affect the company's Active Directory server, and the last flaw could allow an attacker to run code on Microsoft's Internet Information Server.

An analysis of the flaws can be found on the security response blog of Symantec, the parent company of SecurityFocus. The analysis points out that, while not explicitly mentioned in the advisories, a fourth flaw in Microsoft's Active Directory server and other flaws in Microsoft Excel were patched by the software giant.



Posted by: Robert Lemos
Copyright 2007, SecurityFocus