Microsoft plans to ship two bulletins next Tuesday to fix multiple remote code execution vulnerabilities in Windows, Microsoft Office and Microsoft Visual Basic for Applications. Both bulletins are rated critical, Microsoft s highest severity rating. The company describes a critical flaw as one whose exploitation could allow the propagation of an Internet worm without user action. Windows 7 and Windows Server 2008 R2 customers will be offered the Windows related patch but made it clear that those OS versions are not vulnerable in their default configurations.
Source: https://threatpost.com/microsoft-patch-critical-windows-office-flaws-050610/73931/