Microsoft is issuing only three security bulletins this month - and failing to deal with a known issue with Internet Explorer.
This month's Patch Tuesday fixes four flaws in three separate patches, one of which is rated critical, and the other two important. Last month, it issued a dozen patches to fix 22 flaws.
"The critical update affects Windows XP, Vista and Windows 7 while Windows Sever 2003 and Server 2008 are not affected," said Amol Sarwate, manager of Qualys' Vulnerability Research Lab.
"One of the important updates affects all Windows operating systems and we expect it to be for the MHTML Information Disclosure issue, which was left unpatched in last month's patch cycle," he said. "The other important update patches the little known Office Groove 2007 software."
The patches don't address any flaws in Internet Explorer, noted Alan Bentley, vice president at security firm Lumension. "Despite the clean up, there’s nothing to suggest we’re going to see a patch to address the recently exposed Internet Explorer zero-day vulnerability," he said.
Google, Apple and Mozilla patched up their browsers this week ahead of next week's Pwn2Own browser hacking competition.
