Published: 2008-03-11
Microsoft released four fixes on its regularly scheduled Tuesday patch day, closing a dozen security holes in various Office applications and giving business customers more reasons to upgrade from Office 2000.
The software giant's largest patch fixed seven security issues in Microsoft Excel, the company's spreadsheet program. While all seven vulnerabilities were rated Critical for the Excel component of Office 2000 and could allow an attacker to take control of a Windows PC running the program, only two of the flaws affected Office 2007. While all seven vulnerabilities affect Office 2004 for Mac OS X, all are rated Important -- Microsoft's second-highest rating.
"It is the month of Office bugs," Dave Marcus, research and communications manager at McAfee Avert Labs, said in a statement. Vulnerabilities in Office applications have been a favorite attack method among cybercrooks, especially in stealthy attacks that seek to steal high-value intellectual property. Trojan horse attacks often use rigged Office files that exploit vulnerabilities in the productivity suite.
The U.S. Computer Emergency Readiness Team (US-CERT) warned on Monday that at least one of the Excel flaws is being exploited by malicious attackers.
Another severe vulnerability is an issue in the way that Outlook parses the mailto uniform resource identifier (URI) when passed from a browser. An attacker could use the Critical-rated flaw to take control of the victim's computer.
Two other vulnerabilities affect systems that have Microsoft's Office Web Components installed. Both flaws are rated Critical by the software giant.
"All of these security bulletins are serious, but the Microsoft Office Web Components one stands out because these ActiveX components are widely distributed and relatively easy to exploit," Ben Greenbaum, senior research manager for Symantec Security Response, said in a statement. "We've observed attackers continuing to target Web plug-ins in their quest to quickly and quietly install malicious code onto users' computers."
The last two vulnerabilities affect all Office programs and could be exploited by a specially crafted Office file. The flaws are rated Critical for Office 2000 and Important for all other versions of Office.
Posted by: Robert Lemos
