Microsoft preps two-for-one security special

As part of its monthly patching cycle, Microsoft plans to release on Tuesday two security bulletins with fixes for flaws in Windows.

At least one of the alerts is deemed "critical", Microsoft's highest risk rating, the company said in a notice posted on its website on Thursday. Microsoft rates as critical any security threat that could allow a malicious internet worm to spread without any action required on the part of the user.

Last month, Microsoft released one security bulletin covering three flaws in the way Windows handles certain graphics files. That bulletin was also tagged critical.

Microsoft's notice did not specify which components of Windows are being repaired with Tuesday's patches or how many flaws the update will tackle. Security researchers have noted several unpatched flaws outstanding in Microsoft products. For example, eEye Digital Security lists six vulnerabilities on its website for which it considers fixes overdue.

Additionally, security researchers over the past few weeks have come forward with flaws in Internet Explorer, the web-browser part of Windows. One of these vulnerabilities could let an attacker commandeer a PC, and Microsoft itself has warned the hole is actively being exploited to download malicious code to vulnerable systems.

As part of its monthly patch day, Microsoft also plans to release an updated version of the Windows Malicious Software Removal Tool. The software detects and removes common malicious code placed on computers.

Microsoft gave no further information on the upcoming bulletins, other than stating that the Windows fixes will require restarting the computer.

The Redmond, Washington, software maker offers advance notification about patches so people can get ready to install the updates.

Microsoft said it will host a webcast about the new fixes on Wednesday at 11:00(PDT).

Joris Evers writes for CNET News.com