Microsoft is readying three patches for its monthly security update, to be released Tuesday.
One of the fixes is rated "critical," while the other two drew an "important" rating, according to Microsoft's advance notification, released Thursday. The critical bulletin and one of the important patches address issues in Windows, while the third fix affects Office, specifically Groove collaboration software.
In total, Microsoft is plugging four security holes.
Experts at vulnerability management firm Qualys said they expect one of the Windows patches to address a publicly known scripting vulnerability in the MHTML (MIME Encapsulation of Aggregate HTML) protocol handler, used by applications to render certain types of documents. That flaw, which could lead to sensitive information disclosure, was disclosed in late January, roughly a week before the February patches went live.
Microsoft has said it is aware of a publicly available proof-of-concept exploit but does not know of any active attacks.