Storms speculated that the flaw -- or flaws, since Microsoft does not spell out how many patches compose each update in its advance notification -- may be in the file formats used by Office 2007 and Office 2010 on Windows.

Microsoft debuted new XML-based file formats in Office 2007 as replacements for older, proprietary binary formats.

"Maybe there's a bug in how Word opens or parses files," Storms theorized.

Others wondered the same.

"This vulnerability requires a victim to open up a malicious file or preview a malicious file in Outlook Web Access," noted Marcus Carey, security researcher with Rapid7, in an email today. "This vulnerability could result in the complete compromise of a system if exploited."