Microsoft on Tuesday will issue two critical bulletins that will fix vulnerabilities in Windows and Office, which if exploited successfully, could allow a remote attacker to take control of the computer, the company said Thursday.

The bulletins, part of the company's monthly Patch Tuesday fixes, affect Windows 2000, XP, Vista, Windows 7, Server 2003 and Server 2008, Office XP, Office 2003, 2007 Microsoft Office System, and Microsoft Visual Basic for Applications and Visual Basic for Applications software development kit. Windows 7 and Server 2008 R2 customers are not vulnerable in their default configurations, however, the company said in a post on the Microsoft Security Response Center (MSRC) blog.

Absent from the Patch Tuesday's bulletins, however, will be a fix for a vulnerability in SharePoint Services 3.0 and SharePoint Server 2007 that was disclosed last week and which could lead to a cross-site scripting attack via the browser. Proof of concept exploit code has been published.