Microsoft Corp. has announced plans to ship two security bulletins on Patch Tuesday next week, and security analysts say it's a safe bet that one will cover critical flaws in the Internet Explorer browser. As part of its advance notice mechanism, Microsoft said at least one of the two bulletins will be rated "critical," but details are being withheld until Dec. 13.
"I'd be shocked if they didn't issue a fix for IE," said Marc Maiffret, co-founder and chief hacking officer at eEye Digital security, a research company that regularly reports software flaws to Microsoft. Maiffret noted that at least one unpatched IE flaw was being exploited by malicious hackers to plant backdoors on vulnerable machines; he argued that Microsoft should act responsibly and ship an IE update. Even after Patch Tuesday, Maiffret said that several dangerous Windows flaws will remain unpatched.