Microsoft Corp. last week said that three Windows security updates, including one rated “critical,” will be released tomorrow.
The company acknowledged, however, that it will not deliver a fix for an Excel flaw that attackers are now exploiting.
Microsoft didn't disclose details of the patches, other than to say which versions of Windows will be affected.
“It's pretty nebulous,” said Andrew Storms, director of security operations at nCircle Network Security Inc. “They could be any number of things.”
The critical update will affect all still-supported editions of the operating system, including Windows 2000, XP, Server 2003, Vista and Server 2008. Unpatched “critical” bugs allow PCs to be hijacked by hackers without any action by users. The other updates, labeled “important,” fix so-called spoofing bugs, which typically are used to trick users into divulging confidential information.