Microsoft lines up zero-day hole patch

Microsoft plans to issue six security bulletins on Tuesday, including at least one with a fix for a security vulnerability that is actively being used in cyber attacks.

As part of its monthly patching cycle, Microsoft will release a bulletin with a "critical" fix for a security hole in its XML Core Services software, the company said in a note on its website. The vulnerability is a so-called zero-day flaw that's already being exploited for attacks.

The other five security bulletins will deliver updates for Windows, some of which will be rated "critical", Microsoft said. Security companies are tracking several flaws in the operating system and in its web browser component, Internet Explorer, that have yet to be put right.

Got two seconds?

Make your voice heard - take our latest poll.

Microsoft did not specify how many vulnerabilities in total its security updates will tackle, or say which components of Windows are being repaired. Additionally, the company appears to have no patch ready for a flaw in Visual Studio 2005, which is also already being used in attacks.

Last month, the software maker delivered 10 security bulletins, six of which were deemed "critical", the company's most serious risk rating. Critical vulnerabilities typically can allow a worm to spread or allow a Windows system to be fully compromised with minor or no interaction from the person using it.

Also on Tuesday, Microsoft will release an updated version of its Windows Malicious Software Removal Tool. The program detects and removes common malicious code placed on computers.

The software behemoth gave no further information on the upcoming bulletins, other than stating the fixes may require restarting the computer or server.

Joris Evers writes for CNET News.com