REDMOND, Wash. – Microsoft Corp. (MSFT) released three critical patches Tuesday for its Windows operating system, including one to fix an Internet Explorer browser flaw that had already been exploited in some Internet attacks.
The critical patches — deemed by Microsoft to address the highest threats — fix flaws that could allow an attacker to take control of another person's computer without permission.
The Redmond software maker also released two patches to fix less-severe flaws in its products.
Microsoft said March 23 that it was aware that a flaw in its Internet Explorer had been made public, prompting some limited attacks. The company said at the time it expected to release a patch on Tuesday, the normal day for its monthly security fixes.
Building a patch can be complex as Microsoft must make sure that fixing one part of its vast Windows operating system does not break anything else.
The company also must rigorously test the patch so other applications won't stop working, something that could cripple businesses and frustrate home users.
But some outside security experts argue that Microsoft should be doing more to help users, such as providing temporary bandages, while it prepares fixes for vulnerabilities that are made public before a patch can be issued.
At least one company, eEye Digital Security Inc. of Aliso Viejo, Calif., provided users with such a temporary fix for the Internet Explorer flaw.
Users can go to http://www.microsoft.com/security to download the Microsoft patches.