Microsoft will use the first Patch Tuesday of the New Year to address three vulnerabilities in its Windows architecture.
The company said it expected to issue two bulletins next week: one affecting Vista that was rated "important" and a second bulletin with an aggregate rating of "critical" that affected all supported versions of Windows.
The potential impact of all vulnerabilities was said to be remote code execution.
"As always, we recommend that customers deploy these updates as soon as possible," Microsoft trustworthy computing senior response communications manager Carlene Chmaj said in a blog post.
Microsoft confirmed that this month's release would not include fixes for the vulnerability in the Windows graphics rendering engine, nor a public vulnerability affecting Internet Explorer.
The IE vulnerability was caused by the "creation of uninitialised memory during a CSS function within Internet Explorer," the vendor said.
"It is possible under certain conditions for the memory to be leveraged by an attacker using a specially crafted web page to gain remote code execution," Microsoft said in a security advisory.
Chmaj said today that Microsoft had "started to see targeted attacks" using the IE vulnerability.
Copyright © iTnews.com.au . All rights reserved.
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @itnews.com.au to your white-listed senders.