Microsoft finds another "critical" Windows flaw

As part of its monthly patching cycle, Microsoft on Tuesday plans to release one security alert for flaws in the Windows operating system.

The security bulletin is deemed "critical", Microsoft's highest risk rating, the company said in a notice posted on its website on Thursday. Last month's "Patch Tuesday" also included a critical alert for Windows flaws. One of the flaws was exploited days later by the Zotob worm that wreaked havoc on Windows 2000 systems worldwide.

Microsoft's Thursday notice did not specify whether one of the patches will be for Internet Explorer. Over the last few weeks, several security researchers have come forward with flaws in the web browser. Some of these vulnerabilities could let an attacker gain control of a user's PC.

There are several unpatched vulnerabilities in IE 6, according to Secunia. The security monitoring company has issued 85 alerts on the web browser since 2003; 19 of those security bugs remain unpatched, according to Secunia's website.

In addition to the Windows security fixes, Microsoft on Tuesday plans to release an update for Windows that it deems high priority but is not security related, the company said. Furthermore, an updated version of the Windows Malicious Software Removal Tool will be released. The tool detects and removes malicious code placed on computers.

Microsoft gave no further information on Thursday's bulletins, other than stating that some of the Windows fixes may require restarting the computer.

The Redmond, Washington, software giant provides information in advance of its monthly patch release day, which is every second Tuesday of the month, so people can prepare to install the patches. In August, Microsoft released six security bulletins, including three deemed "critical" for Windows.

Microsoft rates as critical any security threat that could allow a malicious internet worm to spread without any action required on the part of the user.

Microsoft said it will host a webcast about the new fixes on Wednesday at 11:00(PDT).

Joris Evers writes for CNET News.com