Threats against Office typically require the user to open a file containing a malicious program, Kandek says. Microsoft has traditionally been more prone to issue the "important" rating to threats that involve user interaction, he added, making this month's critical bulletin "kind of interesting."

Marcus Carey, security researcher at Rapid7, speculated that the Office vulnerability patched with Bulletin 1 "is an underlying issue on how it processes data." Citing the recent phishing attacks against Mac systems, Carey says threats coming through Microsoft productivity software are "becoming a recurring theme for organizations and end users because it's primed for phishing attacks."

Beyond that, the remaining two critical patches will attract the most attention, primarily because they address vulnerabilities in versions XP through 7, Carey says.

"This means that all organizations and the entire user base will be affected by these critical bulletins," Carey says.

The other four bulletins were all rated important. Bulletins 4 and 5 address remote code execution vulnerabilities in Office, while bulletins 6 and 7 address elevation of privilege in Windows Vista and Windows 7.