The security bulletin is deemed "critical," Microsoft's highest risk rating, the company said in a notice posted on its Web site on Thursday. "Patch Tuesday" also included a critical alert for Windows flaws. One of the flaws was exploited days later by the Zotob worm that on Windows 2000 systems worldwide.
Microsoft's Thursday notice did not specify whether one of the patches will be for Internet Explorer. Over the last few weeks, several security researchers havewith flaws in the Web browser. Some of these vulnerabilities could let an attacker of a user's PC.
There are several unpatched vulnerabilities in IE 6, according to Secunia. The security monitoring company has issued 85 alerts on the Web browser since 2003; 19 of those security bugs remain unpatched, according to Secunia's Web site.
In addition to the Windows security fixes, Microsoft on Tuesday plans to release an update for Windows that it deems high priority, but is not security related, the company said. Furthermore, an updated version of the Windows Malicious Software Removal Tool will be released. The tool detects and removes malicious code placed on computers.
Microsoft gave no further information on Thursday's bulletins, other than stating that some of the Windows fixes may require restarting the computer.
The Redmond, Wash., software giant provides information in advance of its monthly patch release day, which is every second Tuesday of the month, so people can prepare to install the patches. In August, Microsoft released six security bulletins, including three deemed "critical" for Windows.
Microsoft rates as critical any security threat that could allow a malicious Internet worm to spread without any action required on the part of the user.
Microsoft said it will host a Webcast about the new fixes on Wednesday at 11 a.m. PDT.