Fixes coming for Windows flaws

Microsoft plans to release two security alerts with patches for an unspecified number of flaws in the operating system.

Joris Evers Staff Writer, CNET News.com
Joris Evers covers security.
Joris Evers
2 min read
As part of its monthly patching cycle, Microsoft plans to release on Tuesday two security bulletins with fixes for flaws in Windows.

At least one of the alerts is deemed "critical," Microsoft's highest risk rating, the company said in a notice posted on its Web site on Thursday. Microsoft rates as critical any security threat that could allow a malicious Internet worm to spread without any action required on the part of the user.

Last month, Microsoft released one security bulletin covering three flaws in the way Windows handles certain graphics files. That bulletin was also tagged critical.

Microsoft's notice did not specify which components of Windows are being repaired with Tuesday's patches or how many flaws the update will tackle. Security researchers have noted several unpatched flaws outstanding in Microsoft products. For example, eEye Digital Security lists six vulnerabilities on its Web site for which it considers fixes overdue.

Additionally, security researchers over the past few weeks have come forward with flaws in Internet Explorer, the Web browser part of Windows. One of these vulnerabilities could let an attacker commandeer a PC, and Microsoft itself has warned that the hole is actively being exploited to download malicious code to vulnerable systems.

As part of its monthly patch day, Microsoft also plans to release an updated version of the Windows Malicious Software Removal Tool. The software detects and removes common malicious code placed on computers.

Microsoft gave no further information on the upcoming bulletins, other than stating that the Windows fixes will require restarting the computer.

The Redmond, Wash., software maker offers advance notification about patches so people can get ready to install the updates.

Microsoft said it will host a Webcast about the new fixes on Wednesday at 11 a.m. PDT.