Microsoft to fix Internet Explorer flaw on Tuesday

Microsoft announced today on its Security Bulletin Advance Notification site that it will release five security updates as part of next week's Patch Tuesday release – one of which will fix the well known flaw that allows malicious users to run code on vulnerable PCs.

Some experts had guessed wrongly that the Redmond, Wash., computing giant would make a patch for the createTextRange() flaw its second early release of the year.

Four of next Tuesday's updates will affect Microsoft Windows and have a maximum severity rating of "critical" and "one of the updates will be a cumulative IE update that addresses the publicly known 'createTextRange()' vulnerability," according to the advance notification.

Another bulletin will affect both Microsoft Office and Windows, with a maximum severity rating of "moderate."

Each of the updates may require a restart, and all will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scanning Tool, according to the advisory.

Last month, Redmond released two security bulletins, including one for a hole in Microsoft Excel that could be exploited via malicious document.

On Valentine's Day, Microsoft treated users to seven new patches, five of which were marked "critical" by the company. Four of the February updates were for Windows, with one update for Windows Media Player and one for both Windows and Office.

January saw the first – and so far only – early patch release of the year, with Microsoft distributing a fix for the notorious Windows metafile (WMF) flaw. Days later, it released patches for a vulnerability in embedded web fonts in IE and for a TNEF decoding vulnerability in both Office and Microsoft Outlook.