Microsoft Thursday said that it will release four security updates next week to patch every supported version of the company's Office business suite. All four updates will be labeled "critical," the company's highest threat ranking.(Compare Patch and Vulnerability Management products.)

The number of security bulletins Microsoft plans to issue on Tuesday, March 11, is substantially below last month's 11 , but the Office-only nature of the updates is unusual, according to one security expert. "It's extremely rare," said Andrew Storms, director of security operations at nCircle Network Security Inc. "This is the first time I've seen this, where not only are all the bulletins related to Office, but all are marked critical."

Microsoft's slate will patch Office 2000, Office XP, Office 2003, Office 2007, Office 2004 for Mac and Office 2008 for Mac, said the prepatch notice posted to the company's Web site this morning.

"But Office vulnerabilities aren't so rare that we shouldn't have expected something like this," said Storms. "Office has continued to play a pretty big role in Microsoft's security bulletins." Last month, in fact, four of the 11 updates plugged holes in the suite's applications.

Storms hesitated to guess at what vulnerabilities might be behind each update. "It's too early to tell if these involve publicly-known vulnerabilities. There's not enough information here." Still, some of the expected updates caught his eye.

Tagged Thursday in the prepatch notification as "Bulletin 2," one of the updates will repair Outlook, the suite's e-mail client. Judged "critical" by Microsoft, the fix will affect all currently-supported versions of Outlook, including Outlook 2007. "I was quite flabbergasted to see [the critical ranking on] Outlook 2007," said Storms. "That's bucking the trend, seeing something critical across the board."

Most Office updates slap a critical label on the oldest version of the bundle, Office 2000, but use less dire ratings on newer versions, thanks to Microsoft's work securing the applications -- notably their file formats. In the case of Outlook, however, the bug is pegged critical in all still-supported editions, from Outlook 2000 to Outlook 2007.

"That means it's probably not a format parsing problem," said Storms, referring to frequently-found vulnerabilities in Office's file formats, which attackers continue to leverage. "It looks to me like it's a problem more inherent to Outlook [itself], something deeper in the code."

For more enterprise computing news, visit For more gaming news, visit GamePro. http://www.gamepro.com/ Story copyright GamePro Media."http://www.computerworld.com/">Computerworld. Story copyright Computerworld, Inc.