According to the company's "critical" security bulletin, flaws in its Office software, in combination with flaws in its Internet Explorer Web browser, could give malicious attackers the ability to view or alter Office files, or even wipe out users' hard drives altogether.
"This vulnerability could enable an attacker to run arbitrary commands on another user's system. By doing so, the attacker would be able to take any action that a user could take, including but not limited to loading and running programs, altering data on the system, reformatting the hard drive, or changing the security settings," Microsoft said.
The Office-related programs vulnerable to attacks include Microsoft Office 2000, Office XP, Money 2002, Money 2003 and Project 2002, as well as server software related to such client software, Microsoft added.
The company also said these kinds of attacks could be performed either through Web pages or through e-mail. Since over 100 million people use Office globally, the risk of attack is thought to be significant. More information and a patch for this flaw can be found on the Microsoft Web site.
Also this week, Microsoft revealed vulnerabilities in the three latest versions of its Internet Explorer browser software that could let attackers read files. These bugs can also be fixed by downloading software patches from Microsoft's TechNet Web site.
These newest flaws follow revelations just last week regarding security gaps in Internet Explorer and a complementary encryption program, which security experts said could expose credit card and other sensitive information to would-be attackers. With these most recent warnings, the company has now admitted to around 30 vulnerabilities in its software this year.
Meanwhile, Microsoft, often criticised for what technical experts consider to be a lack of adequate security in its products, is in the midst of convincing users that security its one of its top concerns. Earlier in 2002, the business launched a "trustworthy computing" campaign, which has cost an estimated USD100 million so far this year.